Americans under-prioritize the digital security of their employers, according to a new study by identity-threat intelligence firm 4iQ.
The study found that most Americans didn’t bother to secure their work emails, putting themselves and their employers at risk. “Someone hacking into my work email” ranked dead last on a list of respondents’ cybersecurity concerns.
“The complete lack of concern by survey respondents about their work email potentially being hacked is problematic,” said Monica Pal, CEO of 4iQ. “This is exacerbated by the finding that the average person admits to using just two or three passwords to protect all their online accounts. By repeating passwords on multiple accounts, individuals are inviting cyber-criminals to access all of their online data. Once a password becomes compromised, all of that individual’s information – and by extension their employer’s information – are at risk.”
Work email accounts can give cyber-criminals access to email messages and confidential information like contracts, intellectual property and customer payment information. Criminals can also often glean information like health insurance, travel itineraries and personal banking information. When hacked email credentials match the credentials to access corporate systems, the risk grows exponentially.
“While much time is spent researching and analyzing data breaches and security events, less time is focused on understanding a critical element – the people impacted, their concerns, and their motivation,” said Claire Umeda, head of marketing for 4iQ. “This survey provides a glimpse into public concerns relating to personal data privacy, and even the potential for corporate security risks from an uneducated or unmotivated employee audience.”
“Our survey shows that consumers are concerned about protecting certain aspects of their digital identities, such as their Social Security number, banking and credit card information, but they are not taking all the steps the can to adequately protect this data,” Pal said. “Perhaps it’s because they don’t understand how to protect themselves or they are uninformed about the services that are out there to help them. One thing we know for sure is that we need to be better about communicating with people on an individual level on what risky online behavior is, the steps they can take to protect their accounts and identity, and what solutions are out there that can alert them to compromised or vulnerable information.”
“According to our analysis of digital identities found on the Deep and Dark Web, over 39% of people use password credentials classified as ‘very weak,’” said Julio Casal, founder and chief technology officer of 4iQ. “For example, our research shows that over nine million passwords consist of the number combination of ‘12345.’ This is frightening because the first line of defense against attackers is login credentials – strong, unique username and password combinations. But the scarier part is that companies and organizations don’t necessarily consider this challenge as part of their ongoing cybersecurity efforts. The fact is, the chain is only as strong as its weakest link. Yet companies don’t often consider the fact that their vendor’s employee, whose username and password were compromised in a recent breach, used the same password for their work email. And now that cyber-criminal holds the key to your data.”