A Lack of Employee Cyber Hygiene is the Next Big Threat

Stu Sjouwerman | Mar 30, 2022

A Lack of Employee Cyber Hygiene is the Next Big ThreatA new report suggests that everything from endpoints, to passwords, to training, to security policies, to a lack of awareness is all contributing to much higher risk of cyberattack.

Employee cyber risk is a multifaceted issue that revolves a lot around cyber hygiene, according to new data in Mobile Mentor’s inaugural Endpoint Ecosystem Report. It involves a number of issues that organizations are going to need to address effectively and quickly.

A few issues I really want to highlight here include passwords, device use, and a lack of proper training. Despite most phishing attacks focusing on credentials, employees still have terrible password hygiene:

  • Gen-Z employees have more than 20 work passwords and type more than 16 passwords daily
  • 69% of employees admit to choosing passwords that are easy to remember
  • 29% of employees write their passwords down in a journal
  • 24% store passwords in a Notes app on their phone

But the device is secure, right? Wrong.

Only 43% of organizations have BYOD securely enabled, with just one-third of employees able to securely access corporate systems, data, and apps from personal devices. With 64% of employees using a personal device for work, this is a massive risk.

So, these companies are making up for it by properly training their employees about cyberattacks, vigilance, good hygiene, etc., right? Again, wrong.

According to the report only 25% of in-office workers receive security training monthly. Remote employees have it a bit better (with 43% receiving training), but it’s evident by just the poor password hygiene that organizational leadership isn’t taking this seriously and aren’t looking to elevate the individual employee’s mindset around the need to be secure while working – and the employee’s role in helping to maintain that state of security.

Those organizations focused on continual Security Awareness Training demonstrate a commitment to seeing every aspect of the employee’s interaction with corporate resources, applications, and data on the one hand (with email and the web on the other) be as secure as possible – starting with the employee’s own awareness being elevated to a state of vigilance to ensure better cyber hygiene and a more secure organization.

Build Your Custom Security Awareness Program in 5 Minutes

Many IT and security professionals struggle to build a security culture program that actually changes behavior. Answer seven quick questions about your organization’s goals, compliance needs, and culture to automatically generate a customized roadmap based on industry best practices, complete with actionable tasks and a scheduling calendar.

Create Your Free ASAP Roadmap

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.