24% of Americans share work passwords with people outside the organization
Data presented by Atlas VPN reveals that 24.39% of Americans share work passwords with people outside of their workplace.
Many employees in the United States are not cautious about who they disclose their work-related passwords to. This puts enterprises in danger of being hacked if these credentials fall into the hands of someone negligent or with malevolent intent.
Keeper, a cybersecurity company that focuses on password protection, carried out a survey to get an insight into the password hygiene habits of US employees. A total of 1,000 full-time workers in the United States took part in the survey. The survey was completed in February 2021 and the results were published in May 2021.
The findings reveal that 7.89% of respondents have shared work-related passwords with their significant other or spouse in the last year. Also, as many as 4.33% of employees provide their work-related credentials to their children.
While this might seem like an innocent thing to do, it carries hidden risks. The youngster usually has no idea about the severity of the negative consequences that a misstep could bring upon the company.
On the same note, 5.81% of those polled admitted to sharing work-related passwords with another family member.
In short, 18.03% of US workers share passwords with members of their family or significant others.
Yet, this is not the end of the story because 3.78% of employees provide their work passwords to ex-colleagues. The survey does not specify what access those credentials provide. Those passwords likely grant access to various paid services, like writing assistants, email distribution services, design tools, and others.
Similarly, 2.58% of office workers provide work passwords to their friends that they don’t work with. Usually, that friend also has close friends, so it could turn into a long list of people who have sensitive passwords very quickly.
If a malicious actor gets a hold of such a password, he could then carry out various spear-phishing attacks or worse, depending on the access he received.
As a quick summary, 24.39% of respondents shared their work credentials with people outside their organization within the past year.
Sticky note fiasco
Not only are employees in the United States sharing their passwords with people outside of their organization, but they are also not following the best practices when it comes to keeping and maintaining work-related passwords.
Over half of those polled (57%) admit to jotting down work-related web passwords on sticky notes. This alone poses a significant cybersecurity risk to their businesses. The surprising fact is that two-thirds (67%) admitted to losing those sticky notes.
First off, losing a note with a password jeopardizes organizational efficiency because an administrator will have to reset the password. The inconveniences this creates depend on how often it happens and how many people will have to re-login with the new credentials.
More importantly, a note with login credentials to a company's internal resources is one of the best gifts a malicious actor could receive.
Hopefully, the awareness of the lack of password hygiene in the US will urge employers to spend more time educating their workers on the importance of following the best cybersecurity practices.