1 out of 10 surveyed don’t know what phishing is…
Granted, not everyone reading this will likely know what phishing is. However, not everyone reading this is likely making a living in the information technology industry.
PC Matic recently conducted a password management and security best practices survey which included over 1,000 IT professionals. The results showed information that was shocking, if not downright concerning.
According to the responses received, one out of ten IT professionals does not know what phishing, two-factor authentication or a virtual private network (VPN) is.
Best Practices Suffer Too
The survey also found that IT pros take more of a “do as I say, not as I do” approach to password management. Over half, 50.84% to be exact, reported changing their passwords only when they were forced to do so. Additionally, 31.99% reported using the same passwords across multiple accounts, both personal and work-related. This opens up a whole new can of worms. Why? If users experience a data breach, they are not only facing compromised personal accounts; they are also exposing their employer’s network, because the same credentials are used for both.
Speaking of increasing security risks, 55.91% of IT professionals reported using company networks to check their personal email accounts. Talk about security risks…
Personal email accounts are often targeted for malicious attacks. By checking personal email on company networks, IT professionals, or anyone else doing this, are putting the company’s systems at risk. If the user were to click on a malicious link, or open a malicious email that doesn’t require any action to launch the malware, the attack could easily spread throughout the company’s networks.
What Users Should Be Doing
It should come as no surprise, but users should be changing their account passwords once every two to three months. A password should never be used for more than one account, and most certainly should not be shared between personal and work accounts. Additionally, do not check personal accounts on company networks, as doing so creates an unnecessary security risk.