Poor security habits within large public sector and commercial organizations are leading to loss of important data and intellectual property. According to a report by Microsoft Ireland, 22% of employees write down their passwords and 8% of them keep the passwords in a document on computer. 44% of employees recycle their personal passwords, which means that they tend to use same passwords for both work and home devices.
Microsoft Ireland commissioned Amarach Research across 700 employees working in large Irish organizations to find the security culture within organizations to understand the way employees access and use confidential data at work and on the go. The research found security gaps that allows hackers to exploit enterprise systems.
As per the report, employees that work from home are more likely to engage in activities that can cause security concerns as compared to other employees.
“Organisations can invest in robust data protection and security measures, but their employees could, accidently, bring about a potential security disaster for their organisation,” said Des Ryan, Microsoft Ireland Solutions Director.
“The most common and least detected sources of data breaches are compromised identities. Passwords can be hacked, guessed, leaked or lost. New technologies like biometric security can deliver the robust security required to protect organisations from most social engineering attacks.”
49% of employees use personal email accounts to save, edit, send, and share work related documents. Further, 24% of employees accidently share work-related items with their friends and family. 73% of them use free Wi-Fi for their work when working from home.
Only 54% of employees said that they receive proper data security training once a year. Only 16% of them had changed their passwords in last 12 months in line with the policies of organization.
Microsoft also mentioned that employees are using same weak passwords across different accounts in their work and home. If one of the passwords is leaked, this can lead to hacking of other accounts as well. For addressing this issue, 60% employees choose to use biometric authentication as an alternative to passwords.
One in three organizations allow employees to use work devices for work purposes only. 50% of employees reported that their personal is better than work device. Whereas, 30% of employees sometimes use their personal device for accessing work files.
“Organisations must now ensure they are taking a considered approach to data security, and embrace new procedures and technologies, coupled with consistent training, enforced policies, along with better device upgrades to enable employees to deliver the productivity needed for successful transformation with a minimum of risk to the organization,” added Des Ryan.
“We see needless security risks created by employees who are unaware or are working from older devices or older versions of Windows. For example, those who are working in a public Wi-Fi spot who do not have the latest security measure or hardware and are in effect, broadcasting sensitive data that can be picked up by a hacker.”
Along with these security concerns, Microsoft also shared some tips to protect the organization. The enterprises should provide training to employees to keep them updated on latest cyberthreats and help them learn what they can do to keep confidential data safe.
Employees should open links in emails only when the emails are from trusted sources. They should use longer passwords by mixing them up with upper- and lower-case letters, special characters, and numbers. Multi-factor authentication should also be considered.
Further, organizations need to keep every enterprise software up-to-date, to avoid vulnerabilities. Latest version of Windows 10 should be used, especially because the support for Windows 7 is nearing end.
To access full report, click here.