Employees aren’t taking security best practices into their personal lives, according to the Ping Identity 2015 Online Identity Study. While 74% of employees wouldn’t give up their work login credentials for anything, a third of respondents noted that they would give up their personal email information.
The line between personal and professional use of apps and devices is blurry, and while employees claim to prioritize online security, the data shows they are struggling to follow best practices and take accountability for their actions. In the event of a data breach, most employees say the blame would fall on IT and not on their own risky behavior.
On the positive side employees are using complex passwords. On the negative side they are reusing those same passwords across multiple sites. “No matter how good employees’ intentions are, this behavior poses a real security threat,” said Andre Durand, CEO of Ping Identity.
Unsafe password practices were noteworthy given the high value respondents place on their passwords.
- 58% of respondents believe that protecting work-related information is very important — even more so than their personal emails and home addresses
- Even though 78% believe that it’s risky to share passwords with family members, 37% are likely to do so. The majority of respondents (54 percent) also admit to sharing their login information with family members so they can access their computers, smartphones and tablets
- Half of respondents admit that they are likely to reuse passwords for work-related accounts. Nearly two-thirds – 62% — are likely to reuse passwords for personal accounts
- While 66% say they wouldn’t give up their personal email login credentials for anything, 20% would trade them for a paid mortgage or rent for one year, and 19% would give up their personal email login credentials to pay off student loans or higher education tuition
- People are more careful concerning their work login credentials: 74% would not give up their work email login credentials for anything
The survey respondents laud IT for implementing good or excellent password policies and enforcement. However, they also lack confidence in the IT department’s efficacy in preventing data breaches. In the event of a data breach, most employees say the blame would fall on IT rather than their own personal risky behavior.
- 82% say their company has good or excellent password and authorization measures in place
- 76% are prompted to change their passwords every one to three months
- 59% believe IT is ultimately accountable in the event of a corporate data breach. C-level executives are the next to be held accountable, at 17%
- Only 11% believe they can be held accountable for a breach.
Ping Identity surveyed a representative sample of U.S. adults who work either part time or full time at businesses with more than 1,000 employees to learn about their perception and experiences with personal and corporate security.