Despite news of security breaches and identity fraud regularly making headlines all over the world and experts continually urging users to be more vigilant online, consumers are still careless when it comes to online security. Lab42 asked 2,000 adults around the world about their cyber security habits to discover whether “there is a psychological reason behind risky password practices”.
You know it’s bad but you can’t help yourself
The research showed that, although the majority of people surveyed knew how to create a secure password (82% knew it should be a combination of characters, numbers and symbols), plenty of them still failed to put their knowledge into practice:
- 47% use family and friends’ names
- 42% use significant dates and numbers
- 26% use their pets’ names
- 21% use birthdays.
Furthermore, although 91% were aware of the risk associated with password reuse, 61% continued to reuse passwords.
You don’t change passwords for security reasons
Many know that it is good security practice to regularly change passwords to reduce the risk of unauthorised access, but for 29% of those interviewed the top reason for changing passwords is that they forgot them.
Bad password practices impact your corporate security
According to Verizon’s 2016 Data Breach Investigations Report (DBIR), “63% of confirmed data breaches involved weak, default or stolen passwords”. Furthermore, the report showed that reused credentials were exploited both in “highly targeted attacks” and “opportunistic malware infections”.
Better user awareness is the key
Regardless of the effort and resources you put into creating robust information security policies, if you don’t share them with employees, your efforts will be in vain.
If you are a manager, you should recognise the importance of staff training in making sure that your employees understand the measures you take to keep your company secure against cyber attacks. Raising their awareness of information security risks can make a real difference when securing your business.