One-in-three employees who know their password is compromised still won’t change it

cyber security

One-in-three Australian workers who admit to having enabled data breaches are still unwilling to change their already compromised passwords, a new study reveals.

Human error has always been a security risk, but according to cyber security firm Webroot’s latest report, office culture might present a larger issue when it comes to maintaining cyber health.

Over half of the 4000 surveyed workers have compromised personal and financial data by clicking on links from unknown senders. The report shows this behaviour isn’t a one-off either — these employees clicked on risky links multiple times.

Of this group, over a third were so apathetic, and didn’t bother to change their passwords after the breach.

And although 90% of employees consider themselves able to distinguish real emails from their phishing counterparts, 60% will click on links from unknown senders anyway.

The study also shows employees find identifying phishing in non-email communications (phone calls, notifications, snail mail and post) even more difficult. They would actually have a better chance of correctly identifying phishing if they flipped a coin.

The report comes in the wake of high-profile data breaches, involving PayID, TGI Fridays, Sephora and NAB. And that’s just in the last three months.

Apart from the obvious financial risks, poor cyber security can also lead to larger reputational issues with suppliers and customers, among others.

Educate yourself

Cyber security might seem like a time-consuming issue to resolve, but some experts say regular and incremental checks can prove more effective in the long run.

In a piece for SmartCompany, Andy Jamieson advises businesses to regularly test their own systems and update passwords.

In another SmartCompany article, Susie Jones of Cynch Security recommends breaking down the most pressing issues — anything that holds sensitive and confidential information — into “simple steps”.

Change your office culture

The biggest takeaway from the study is the need to reform office culture from apathy to vigilance.

In a piece for SmartCompany, Ilone Vass from HR firm Dancing with the Dragons encourages business owners to build competence and foster office traditions. These traditions can easily include cyber security checks and updates.

“Your employee may have problem-solving skills, which are outside of their everyday role, to help you move past any issues.

“Build their competence and confidence by allowing them to implement skills to assist with problem-solving,” she wrote at the time.

NOW READ: Seven easy cyber security checks all business owners should do

NOW READ: A whopping 78% of small businesses are being targeted by cyber criminals: Here’s how to stay ahead


Notify of
Inline Feedbacks
View all comments