New research into the security behavior of employees in the United States has found that most Americans reuse passwords on work devices.
A September 2020 survey of 500 full-time US employees by portfolio website Visual Objects found that 63% increased their vulnerability to cyber-attacks by recycling the same passwords for multiple accounts on work devices.
The majority of those surveyed (63%) said that they weren't concerned about where they stored their personal data and were comfortable keeping it on their work devices.
This could be because they see cybersecurity as something that their employer should take care of. Almost all (91%) said that they feel companies are more responsible for cybersecurity efforts than employees are.
A Visual Objects spokesperson commented: "Most companies sent office devices home with employees during COVID-19, allowing workers to intermix work and personal data. Employees risk introducing malware onto work devices when using them for personal activities."
The findings revealed a link between the age of the workers and their attitude to cybersecurity. While only 2% of baby boomers said that they always reuse work-related passwords, 13% of millennials confessed to always using duplicate passwords.
More survey respondents in the baby boomer age group (27%) said that they were not concerned with where they stored their personal data than in any other age group. Only 17% of millennials felt very unconcerned about storing personal data on work devices.
Christine Sabino, a senior associate at data breach claims company Hayes Connor, said that millennials have a natural inclination to keep personal and work information separate.
“[Millennials] have more technological devices, like a personal laptop, tablet, mobile phone, and games console,” Sabino said. “They are less likely to require the use of their work laptop for these [personal] activities.”
More than three-quarters of US workers (76%) said that they felt at least somewhat accountable for ensuring cybersecurity measures were followed at their company.
“Employees have a responsibility to ensure guidelines and processes are followed,” commented Cyphere's Harman Singh.
“Employees must take small actions that have a bigger impact on improving culture, such as appropriately reacting to suspicious emails, calls, or information online.”