It only takes one mistake for a cyberattacker to gain access to an organisation. Yet four out of five employees have admitted to engaging in risky cyber behaviour that increases the risk of a breach, according to a survey conducted by cybersecurity company ThycoticCentrify.

The global survey of 8,000 employees found 79% of employees had engaged in at least one risky IT practice in the last year, such as reusing a password across multiple services.

The most common risky cyber behaviour (35%) was saving passwords in the autofill box of their internet browsers on all their devices, instead of using a password manager. This means that an attacker who compromises one device can then gain access to multiple services.

“If the employee has saved multiple passwords within the internet browser, the attacker can readily see whether they are all the same or simple variations such as one character difference,” the report notes. “With this information, they can use password cracking tools and wordlists to create all possible combinations of an employee’s password choices.”

Recent high-profile hacks against SolarWinds and Colonial Pipeline both stemmed from a single compromised password and went on to cause tens of millions of dollars in damage.

The next most common behaviour was connecting to public Wi-Fi networks, which 32% of employees admitted to doing.

The mass shift to remote working caused by the Covid-19 pandemic has often blurred the lines between home and work life. This has created headaches for security professionals, who have had to protect organisations outside the more controllable confines of the office. One of the main threats is the use of personal devices to conduct work, a behaviour that 23% of respondents admitted to.

Among the least likely mistakes to be made were accessing the dark web or adult content (11%) and allowing family members to use company devices (11%).

Of those surveyed, some 1,000 were based in each of the UK, US and Germany.

Despite admitting to making cybersecurity faux pas, the majority – 86% – of employees agreed that they have a personal responsibility to keep their organisation safe from cyber threats.

Fewer than half (44%) of respondents said they have received cybersecurity training in the past year, a figure that decreases among small and midsize businesses.

“We’d urge employers to redouble efforts to encourage the best possible digital security practices in staff and remind them of the risks of failing to secure networks,” said Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify.

“A ransomware attack or major breach has major consequences which can last for years, so every organisation needs to establish security processes and work to ensure they resonate with employees.”