Survey Finds Employees Aren’t Improving Internal Security Practices

SailPoint has recently published some new research that will probably give you a headache, if you're a business owner.

It's been common knowledge for at least a few years now that employees are a company's weakest link when it comes to data security.  From weak passwords, to using the same password across multiple web properties, to a general lack of understanding of basic security protocols. No matter how you slice it, if a hacker wants the keys to your digital kingdom, the easiest and fastest way to accomplish that is by exploiting the weaknesses of your employees.

Since companies know this, an increasing percentage of them have been spending time and money on employee education. That is what companies do when they're trying to move the needle in a positive direction and solve some problem that's in desperate need of solving. Most of the time that works.  Unfortunately, it's not working this time.

According to SailPoint's most recent data, despite the money spent and the increasing focus on employee cyber security education, things are getting worse and not better. You won't like some of the facts contained in the report.

Here are a few of the highlights from the report:

• 75 percent of survey respondents report re-using passwords across both personal and professional accounts, which is a staggering 19 percent increase from 2014.
• 23 percent of survey respondents said they only change their work passwords two times (or less) a year unless specifically prompted to.
• 15 percent said they would consider selling their workplace passwords to a third party
• 55 percent said they considered the IT department to be a "source of inconvenience"
• 13 percent said that they would not inform IT immediately if they become the victim of a hack.

These numbers are grim, and we're clearly moving in the wrong direction.  Rough seas ahead.