A recent Ping Identity survey of more than 1,000 enterprise employees in the U.S. has found that almost half of respondents admit that they’re likely to reuse passwords for work-related accounts, and almost two-thirds reuse passwords for personal accounts.
“Employees are doing some things really well to keep data secure, like creating unique and difficult-to-guess passwords, but are then reusing passwords across personal and work accounts or sharing them with family or colleagues,” Ping Identity CEO Andre Durand said in a statement. “No matter how good employees’ intentions are, this behavior poses a real security threat.”
“IT continues to shoulder the burden of enabling mobility in a secure manner and educating employees on safe online behavior, but those efforts are falling short, too,” Durand added. “This is a defining moment for CISOs and CEOs, and tackling these pervasive disconnects will require both to come together to rethink how they ensure that the right people have access to the right data from any device, no matter where they are.”
The survey also found that while 78 percent of respondents believe it’s risky to share passwords with family members, 37 percent admit doing so — and 54 percent admit to sharing their login information with family members so they can access their computers, smartphones and tablets.
And while 66 percent of respondents said they wouldn’t trade their personal email login credentials for anything, 20 percent said they would trade them for a paid mortgage or rent for one year, and 19 percent would trade them to pay off student loans or higher education tuition.
Fifty-eight percent of respondents said protecting work-related information is more important than protecting their personal emails and home addresses — and fully 74 percent of respondents said they wouldn’t give up their work email login credentials for anything.
In general, enterprise security policies seem to be solid. Eighty-two percent of respondents said their company has “good” or “excellent” password and authorization measures in place, and 76 percent said they’re prompted to change their passwords by IT every one to three months.
Still, just 11 percent of respondents believe they could be held accountable for a data breach — 59 percent believe IT is ultimately accountable in the event of a corporate data breach, and 17 percent said C-level executives are ultimately accountable.