Yeesh!  This isn’t good.  According to a recent survey of more than 1,000 professionals, nearly half of them admit to sharing passwords, more than a third say they write their passwords on paper, and one in four said they still have access to accounts from past jobs!

The survey, performed by security company Beyond Identity (and reported by TechRepublic and Sharon Nelson’s Ride the Lightning blog), included these findings:

• Nearly 1 in 4 employees said they still had access to accounts from past jobs.
• 41.7% of employees admitted to having shared workplace passwords.
• 42.5% of employees felt that sharing work passwords should be a fireable offense.
• More than 1 in 5 employees (21.5%) said they used the same password for their personal bank accounts as they did for work-related accounts.

The survey results suggest a need for businesses to tighten up their password policies, but with an important caveat: Making the process too laborious for employees means that they’ll just find a way to circumvent the rules. With 45.6% of respondents saying they believe strict password policies hamper productivity, there’s a good reason to ensure a balance is struck.

Of those who are sharing passwords, 66.2% share them with coworkers, and just over a third are sharing passwords with family members or significant others. The most common method of sharing passwords is via email.  Twenty-six percent said their personal email has the same password as their work account and 17.8% report that their social media accounts share credentials with work.  Yeesh again!

Among the takeaways here:

• Companies need better termination policies that include removing access for former employees.
• Two-factor authentication should be implemented everywhere possible.
• Training of employees on security best practices needs to be improved.
• Organizations should consider a zero-trust security model to prevent compromised accounts from being used by an attacker to move laterally inside the network.

So, what do you think?  Does your organization have the mechanisms and training in place to avoid some of these potential opportunities for cyber breaches?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.