Skip to main content

On World Password Day, Survey Reveals Remote Workers’ Poor Password Practices

May

08

2020

Time to read

Read so far

Written by: 

Jenn Markey

Time to read

Written by: 

Survey Poor Password Practices_blog_1000x420

The global response to the COVID-19 pandemic has accelerated several trends. More employees than ever are working from home. New remote workers are in an undiscovered land – sheltering in place with spouses, kids, friends, extended families, online delivery services and more. And, cybercriminals are using our focus on the pandemic to intensify phishing attacks.

As a company dedicated to securing billions of transactions and identities every day, we wanted to explore how employees were handling the cybersecurity challenges that come with remote work at such a large scale. Our Remote Work Cyber Security Survey of 1,000 US professionals revealed key data security challenges, habits and attitudes experienced by employees working from home.

Maybe it shouldn't be surprising that many employees are not following best practices to secure passwords from online hackers or members of their own households. An astounding forty-two percent of employees surveyed still physically write passwords down, 34 percent digitally capture them on their smartphones and 27 percent digitally capture them on their computers. Additionally, nearly 20 percent of the employees surveyed are using the same password across multiple work systems, multiplying the risk of sensitive data if one password is compromised or stolen.

The human factor is critical. The survey responses highlight that employees surveyed are well aware both of phishing scams in general (82 percent) and of phishing scams specifically related to COVID-19 (81 percent). But far too many open their organizations and themselves to attack:

  • 45% say they have received a COVID-19-related email from an unknown sender;
  • 24% say they've clicked on a link from a COVID-19 themed email before determining their legitimacy;
  • Just 36 % deleted the suspicious COVID-19 email;
  • Only 12% percent reported the suspicious COVID-19 email to their organization.

Given tools and scale available to bad actors and cybercriminals, these are pretty good odds in their favor.

Take Action

So, what's an organization to do?

Encryption combined with advanced authentication can provide employees the simplicity they want and the zero trust safeguards companies require. Today, a corporate security perimeter is less relevant than ever, so companies should implement robust, multifactor authentication, which adds an extra layer of protection by requiring additional credentials to enable remote access to company networks. If a cyber-attack, like a phishing email for example, exposes employee passwords and usernames, multifactor authentication could prevent an attacker from successfully accessing the account as it requires other forms of proof you are who you say you are.

The other way to overcome poor password practices is to go passwordless. Passwordless solutions that leverage smartphone biometrics, can deliver the frictionless experience employees seek and the confidence organizations require. And go beyond the passwordless experience to deliver true passwordless authentication with a credential-based implementation that merges the security of smart cards with the convenience of employee smart phones.

If you are interesting in learning more ways to secure your remote workforce, consider the below resources:

jenn-markey-headshot
Jenn Markey
Advisor, Entrust Cybersecurity Institute
Jenn Markey is a content advisor and thought leader with the Entrust Cybersecurity Institute. Her previous roles with Entrust include VP Product Marketing for the Payments and Identity portfolio and Director Product Marketing for the company’s Identity and Access Management (IAM) business. Jenn brings 25+ years of high tech product management, business development, and marketing experience to the Entrust Cybersecurity Institute with significant expertise in content development and curation.
View all of Jenn's Posts