13% of IT workers share passwords with peers despite fears of identity theft

08 November 2018 Consultancy.uk 4 min. read
More news on

As organisations become more aware that bad cybersecurity practices leave their businesses open to infiltration and breaches, many employees and bosses remain unwilling to apply this logic to their own behaviours. A new survey has found that while close to two thirds of individuals are “really worried” about digital identity theft, more than one in 10 would share their password with a colleague, among other issues.

A recent study by global consulting firm Accenture revealed that 70% of global businesses said they had been the subject of an internal breach from malicious insiders. This makes such a breach the most common among cybersecurity threats faced by modern organisations, despite the fear which external hackers have stricken into the hearts of business leaders in recent years.

Following on from this, a survey of 400 IT professionals by identity governance provider SailPoint has revealed that 65% of UK IT workers are “really worried” about having their digital identities stolen. Despite this, however, the survey also found that a significant portion of respondents could be better protecting themselves from having their access hijacked by hackers or other rogue elements, including a number of alarmingly basic steps.While internal cyber breaches are the most common, many employees remain unaware of risksSailPoint found that 20% of respondents would share their building access badge with someone. This simple step could supply a malicious individual with the opportunity to breach an entire system, as by doing this, one unlocked device left unattended becomes much more accessible to the outside world.

Another seemingly obvious lapse saw one in five respondents admit to having the same password across personal and work email accounts, while 13% would share their password with colleagues. While it should be common sense that these are bad practices, poor password hygiene continues to be a problem, particularly for IT professionals. This is because, should a hacker gain access to a personal password, they could then use this to gain more access to a company’s IT system than the average user.

Meanwhile, a shocking 16% of respondents said they would email sensitive company data or files to their personal email. In an age where data has come to be considered ‘the new gold’, transferring any sensitive or confidential information to an unsecured network, be that as a result of benign intentions or otherwise, it can give parties access to valuable data to use for illegal purposes.

Attacks from the inside are the most common At the same time, if asked how they would behave if they came across a sticky note on their boss’ desk with passwords listed out, one in every 10 respondents said they would take it. While it should be pointed out that a manager should know better than to either keep a physical copy of their passwords in a single location, or than to leave it unattended on their desk, employees should also be aware of huge damage that could be done with those passwords. Higher level staff tend to have access to sensitive data, including customer contact lists, among other examples, making them a continued primary target for hackers.

While summarising the results, the researchers warned, “Ultimately, nobody is infallible. We all succumb to convenience and curiosity, but there is little wiggle room when talking about leaving our digital identities exposed.  When you give a malicious hacker an inch, they will run laps around your accounts, data and devices.”

Related: Financial institutions failing to detect cyber breaches for over a week.