5 Employee Password Habits that are Putting Your Enterprise at Risk

by Brad Garland

A truism of the modern workplace is that your employees underestimate the risk that their password habits present to your enterprise. Indeed, a study of password habits by CSID in 2012 showed that more than 60 percent of respondents used the same password on multiple sites. Even worse, nearly 45 percent of those respondents said they changed their password less than once each year.

Poor password habits are the root cause of many data breaches, even when you maintain good data security otherwise. Here are five bad habits your employees should eliminate from the workplace immediately.

1. Using the Same Password Across Multiple Sites

In the CSID study, employees admitted they often used the same password because they were afraid they’d forget one otherwise. However, maintaining one password for many sites increases the risk that a single hack can compromise accounts in multiple locations and devices, including your enterprise’s network.

Even knowing the risks associated with poor password management, many employees in the study said they still felt secure doing so, indicating a lack of education about basic cyber security safety.

2. Never Updating Passwords

Many companies have begun instituting enforced password durations, where passwords automatically expire to reduce the risk of potential information security breaches. Even if your enterprise doesn’t force its employees to change their passwords, they should still do so every 30 to 45 days to reduce vulnerability.

3. Checking the “Remember Me” Option

While browsers and apps include the “remember password” option for convenience, it increases the risk of an information security breach. Even worse, you’re more likely to forget a username and password if a website remembers it for you.

4. Emailing Passwords

Temporary passwords are a great way to provide information security to ad-hoc projects and other short-term scenarios, but misusing them is not. Your employees should be taught that passwords must only be shared with those they trust—and only when absolutely necessary. Most importantly, you must ensure that short-term passwords are just that. Deactivate them as soon as they’re no longer required.

5. Not Having a Password System

Employee concerns about remembering multiple passwords can easily be solved by using a password management program like LastPass or Dashlane. These convenient tools let you quickly and easily set up multiple passwords for different accounts.

Although each of these habits has its reasons for existing, breaking them is an important component of establishing true information security protection for your enterprise. Contact us today to request an enterprise risk assessment and vulnerability assessment.