The majority of desk-based workers in the UK do not believe that sharing their work-related logins represents a security risk to their employer, new research has shown.
The findings, revealed in a new report from security software provider IS Decisions, also highlight a particular lack of understanding in organisations’ top levels, with an even greater majority (54%) of those in senior management failing to recognise the risk of sharing login details.
The report, titled ‘From Brutus to Snowden: a study of insider threat personas’, is based on a study of 1000 US and 1000 UK desk-based workers, delving into how perceptions, attitudes and behaviour with regard to security in the workplace differ across demographics, job roles and industries.
It reveals that while the majority of people (54%) believe themselves to be considerate of the security of work-related information, many lack the education or understanding to act accordingly.
Less than a third of people (28%) would know who to report a security breach to in their organisation, while 23% of people have shared their password with one or more of their colleagues.
Password sharing is increasing: 22% agree that they share their work logins more frequently now than they did two years ago, with those in marketing (33%), sales (30%) and IT (27%) the most likely culprits.
The report shows a huge difference in security attitudes between younger and older generations, with those in age groups 16 to 24 and 25 to 34 being far more likely to share work logins (35% and 32% respectively) than those over 35 (15%).
The study also found that the strongest incentive against sharing passwords is having your own access restricted while someone else is using your login, cited by 29% as the most likely measure to stop them.
This was found to be a particularly effective measure for those younger generations (37% of those aged 16 to 24 and 36% aged 25 to 34).
François Amigorena, CEO of IS Decisions, commented: “Insider threat does not have to be a total unknown. One of the most important steps towards tackling internal security is understanding your own users, and their attitudes and behavior, in order to know the risks and mitigate against them.
“What we’ve found is the recurrent theme is lack of education, though that manifests itself wildly differently, with differences between generations, an interesting trend for what appears to be wilful flouting of policy in some regulated industries and a ‘do as I say, not as I do’ attitude from many in senior management.
“This breadth of different attitudes highlights the need for a tailored approach to tackling internal security, that addresses everyone in an organisation, from top to bottom.”