Businesses ‘still falling short’ with basic security practices

A significant number of businesses are still failing to implement and enforce basic security policies relating to passwords and authentication practices, despite the threat of more severe consequences for data breaches.

This is according to new research conducted by the Ponemon Institute on behalf of authentication hardware provider Yubico. It revealed that while firms have become more concerned about the privacy of their personal data, many people are still failing to follow best practices for data protection and privacy.

For example, more than two-thirds of employees (69 per cent) admit to sharing passwords for sensitive accounts and applications with their colleagues, while more than half of respondents (51 per cent) reuse login details across their business and/or personal accounts, with the average user rotating between five passwords.

Tools such as two-factor authentication (2FA), which can strengthen the security of applications and reduce the reliance on easily mismanaged passwords, are also not widely used. Only one in three respondents uses any form of 2FA in their personal accounts, while 45 per cent do not use it at work.

Stina Ehrensvard, chief executive and founder of Yubico, said that while passwords have been the primary method of protecting sensitive data for decades, the research highlights some of the difficulties associated with proper password hygiene.

She added: "With every new password breach that we see, it's become increasingly clear that new security approaches are needed to help individuals manage and protect their accounts both personally and professionally."

This is likely to become even more important as the number of phishing attacks looking to steal sensitive authentication data increases.

The study found more than half of respondents (51 per cent) have experienced a phishing attack in their personal life, while 44 per cent encountered one at work. However, while phishing attacks are occurring on a frequent basis, 57 per cent of respondents who have experienced a phishing attack have not changed their password behaviours.