1 in 8 UK employees reuse personal passwords at work – putting businesses at risk

Almost three quarters of UK employees are not changing their work log-in and email passwords enough putting businesses at risk of cyber-attacks, new research by CSS Assure has revealed.

Of those, almost one third admitted to never changing their work passwords or only doing so when prompted, while 1 in 8 employees (12%) said they use the same passwords personally and professionally.

This World Password Day (5 May), CSS Assure has warned employers to protect their businesses against cyber-attacks due to the major financial, reputational and legal damage they can cause.

Those doing manual work (78%), as well as graduates (70%), directors and business owners (77%) are least likely to change their work passwords enough – highlighting the importance of education at all levels.

One in five directors and business owners (21%) admitted to reusing passwords across multiple accounts, while a quarter of senior managers (25%) said they write their passwords down in a notebook or on a mobile application.

Worryingly, despite infrequent password updates and reusing passwords across multiple sites, 74% of respondents claim to be cyber security aware.

Mike Wills, director of strategy and policy at cyber and data security firm CSS Assure.

Mike Wills, director of strategy and policy at cyber and data security firm CSS Assure, said: “Cyber criminality is here to stay and is an increasing plague on society – causing untold damage, while fuelling and funding international crime and global terrorism.

“No business is immune from cyber-attacks, and it is vital companies make themselves as hard to hack as possible. At a minimum, businesses should encourage and remind their employees to change their passwords at least once every three months as this will stop or prevent access to accounts if data has been breached.

“While this may seem like a faff, doing so is the single greatest defence a business can take towards protecting itself against a cyber attack. Currently, there are millions of emails and passwords for sale on the dark web for miniscule amounts, waiting for cyber criminals to purchase.

“Using the same password across multiple accounts or both personally and professionally is a major weak link in a company’s security system. If one site is breached and an employee’s credentials are exposed, their risk is amplified exponentially if they use that same password elsewhere.”

“Poor password management is a root cause for many data breaches. However, it’s important to remember that the habit can often be attributed to poor personal discipline, as opposed to malicious intent by your employees.

“Typically, people are unaware they are putting their company at risk, which can be shown by almost three quarters of those surveyed believing they are cyber security aware – even though they are making mistakes that can have dangerous consequences.

“Employers must create a hard to hack company culture that is trained on recognising threats and attacks. Begin by educating all levels of the workforce on why and how poor practices can lead to data breaches, as well as encourage them into good habits, including changing their passwords regularly – starting with today.”

NEWS CATEGORIES

LATEST NEWS

The Chief Scientist’s Group says we need to change the way we think about the value and benefits of clean and plentiful water

In the Chief Scientist's Annual Review 2024, the Chief Scientist's Group has said we need to change the way we think about the value...

New trade association unveiled for the property flood resilience sector

A new trade body has been formed to represent and professionalise the rapidly growing property flood resilience (PFR) industry. The International Property Flood Resilience Association...

South East Water collaborates with Future Nature to Champion regenerative agriculture

Local land owners, farms, businesses and students are invited to attend an informative workshop focusing on regenerative farming at Hyde Farm, Maidenhead on 13...

Cutting-edge strategy puts Burntwood Sewage Treatment Works ahead of schedule

Expansion works at the Burntwood Sewage Treatment Works are expected to complete ahead of time, with two additional treatment stages constructed. Severn Trent Water contracted...