Many businesses are not doing enough to control access to work-related accounts, despite the distinct threat posed by insiders, new data suggests.
According to a report from authentication firm Beyond Identity, almost a quarter of people still have access to accounts from previous jobs, exposing companies to data theft and sabotage by disgruntled ex-employees.
Based on a poll of 1,000 workers, the report also highlights dangers associated with password sharing, which is commonplace across many businesses. Of those surveyed, just under half (41.7%) admitted to sharing workplace passwords with either co-workers, contractors, or family and friends.
- Here's our list of the best business password managers right now
- Check out our list of the best security keys available
- We've built a list of the best password generators around
Data shared exclusively with TechRadar Pro shows that password sharing goes on most frequently among employees in management positions, many of whom are likely to have access to a significant quantity of sensitive corporate data.
Ironically, employees of this type were also most likely to say that password sharing should be made a sackable offence, highlighting a wilful disregard for password best practices.
Password security
The reason for poor password hygiene almost always comes down to convenience, with under-pressure employees seeking ways to streamline workflows and avoid friction associated with measures such as two-factor authentication.
Almost half of respondents said that strict password policies have a direct impact on productivity and, for this reason, one in ten rarely or never change their passwords (with the rate rising to 20% among small companies).
Many employees also use a single universal password across work and personal accounts, increasing the risks associated with credential stuffing attacks, should credentials be exposed in a third-party data breach.
To rectify the issue, Beyond Identity has called on businesses to abandon the password forever, in favor of alternative authentication methods that are not detrimental to productivity, nor vulnerable to abuse.
"While companies do all they can to protect against the threat of cyber attacks and data breaches, they may never truly be safe without passwordless authentication. Good password hygiene hinders good product usability by causing friction during the login process. Even when businesses implement strict password policies, they can be undermined by lax password habits among employees,” explain Jasson Casey, Beyond Identity CTO.
“Reusing work passwords for personal accounts, sharing passwords among colleagues, former employees maintaining access to their credentials, and infrequently changing passwords are just some of the ways in which requiring employees to use passwords may be leaving employers’ data vulnerable."
- Check out our list of the best identity management services
