Despite high-profile data breaches and increased hacking attacks targeting individual users, statistics show that changing employees’ mindsets is a challenge for many organisations.
SailPoint’s Market Pulse Survey revealed that employees are indifferent to protecting corporate data, and this is most evident in the way they treat password management.
According to the results, 56% reuse passwords for the personal and corporate applications they access daily and as many as 14% of employees use the same password across all applications. On average, employees use only three different passwords and 20% share them with their team members.
Shockingly, one in seven employees admitted they would sell their passwords for as little as USD$150.
Protecting corporate data – employees vs employers
While employees should be accountable for the protection of sensitive corporate data, employers have a duty to educate their staff about cyber security and what it means for them and the organisation. Employees who exhibit indifference should be made aware of the impact that careless use of passwords can have on their own data, as a way to encourage responsibility. Companies that are aware of the problems but don’t take effective measures to tackle them can equally be accused of being indifferent to data protection.
Tackling the insider threat with ISO 27001
ISO 27001, the international information security management standard, offers a systematic approach to managing sensitive company information so that it remains secure. It does this by applying a risk management process that includes people, processes, and IT systems.
The Standard provides comprehensive guidance on staff awareness, access control management, including user registration, privilege management, user password management and more.
Implement ISO 27001 by deploying IT Governance’s fixed-price ISO 27001 implementation solutions, which have been designed to meet any organisation’s preferences for tackling ISO 27001 compliance projects.