A Lack of Employee Cyber Hygiene is the Next Big Threat
A new report suggests that everything from endpoints, to passwords, to training, to security policies, to a lack of awareness is all contributing to much higher risk of cyberattack.
Employee cyber risk is a multifaceted issue that revolves a lot around cyber hygiene, according to new data in Mobile Mentor’s inaugural Endpoint Ecosystem Report.
It involves a number of issues that organizations are going to need to address effectively and quickly.
A few issues I really want to highlight here include passwords, device use, and a lack of proper training. Despite most phishing attacks focusing on credentials, employees still have terrible password hygiene:
- Gen-Z employees have more than 20 work passwords and type more than 16 passwords daily
- 69% of employees admit to choosing passwords that are easy to remember
- 29% of employees write their passwords down in a journal
- 24% store passwords in a Notes app on their phone
But the device is secure, right? Wrong.
Only 43% of organizations have BYOD securely enabled, with just one-third of employees able to securely access corporate systems, data, and apps from personal devices. With 64% of employees using a personal device for work, this is a massive risk.
So, these companies are making up for it by properly training their employees about cyberattacks, vigilance, good hygiene, etc., right? Again, wrong.
According to the report only 25% of in-office workers receive security training monthly. Remote employees have it a bit better (with 43% receiving training), but it’s evident by just the poor password hygiene that organizational leadership isn’t taking this seriously and aren’t looking to elevate the individual employee’s mindset around the need to be secure while working – and the employee’s role in helping to maintain that state of security.
Those organizations focused on continual Security Awareness Training demonstrate a commitment to seeing every aspect of the employee’s interaction with corporate resources, applications, and data on the one hand (with email and the web on the other) be as secure as possible – starting with the employee’s own awareness being elevated to a state of vigilance to ensure better cyber hygiene and a more secure organization.