Survey Reveals that Data Protection Practices Are Still Poor

Published on Feb 13, 2019 | Document Conversion / Scanning Services

Keeping passwords and other sensitive information, such as personal details, safe from outside intruders is a priority for all businesses. Even when outsourcing document scanning tasks to a document scanning company, an organization should ensure that the company it partners with complies with all security regulations and follows best practices. In spite of concerns over privacy and data protection, many individuals and businesses still fail to adopt sound security practices.

Yubico, the leading provider of hardware authentication security keys, has released the 2019 State of Password and Authentication Security Behaviors Report, conducted by the Ponemon Institute. For the study, the Ponemon Institute surveyed more than 1,760 IT and IT security practitioners in the UK, US, Germany and France. The survey revealed the following:

  • More than two-thirds of employees (69%) share passwords with colleagues in the workplace to access accounts and 51% of employees reuse an average of five passwords across their business and personal accounts.
  • 63% of respondents said that they have become more concerned about the privacy and security of their personal data than two years ago. The data that respondents are most concerned about include Social Security number or citizen ID, payment account details and health information. The reasons for the concern about their privacy are government surveillance (59%) and the growing use of mobile devices (51%) and connected devices (40%).
  • 47% of respondents said that their companies are most concerned about protecting customer information and 45% of respondents said that they are most concerned about protecting employee information.
  • 51% of respondents have experienced a phishing attack in their personal life, while 44% of respondents have experienced a phishing attack at work. Even though phishing attacks are occurring on a frequent basis, 57% of respondents who have experienced a phishing attack have not changed their password behavior afterwards.
  • Added protection beyond a username and password, in the form of two-factor authentication (2FA), is not used extensively. For instance, 55% of respondents do not use it at work and 67% of respondents do not use any form of two-factor authentication in their personal life.
  • The poor security practices of employees are incurring unnecessary costs. On average, respondents report having to spend around 12.6 minutes each week, or 10.9 hours a year, entering or resetting passwords. Based on the average company size of almost 15,000 employees in the research, the report estimates that the cost of productivity and labor loss averages $5.2 million per company annually.
  • As managing passwords could be inconvenient and complicated, 57% of respondents expressed a preference for password-less log-ins which will help protect their identity. 56% of respondents believe that a physical hardware token will offer better security.

Yubico says the aim of this study is to understand the beliefs and behaviors surrounding password management and authentication practices for individuals in the workplace and at home. The outcome is that, in spite of increasing concerns regarding privacy and protection online and a greater understanding of the best security practices, individuals and businesses are still falling short. They require effective solutions that offer both added security and convenience. The following are some of the best password management practices that can help both individuals and organizations strengthen their security against current threats.

  • Adopt strong passwords or long passphrases
  • Avoid changing passwords frequently; instead change the password only in case of a potential threat or compromise.
  • Create a password blacklist
  • Apply two-factor authentication for all accounts
  • Add advanced authentication methods, including biometric systems (logging into an iPhone using a thumbprint with Touch ID, or authenticating on a Windows 10 PC by looking at it with Windows Hello facial recognition) and behavioral biometrics (which create a unique profile of each user by analyzing their interactions with the system).
  • Apply end-to-end encryption
  • Protect accounts of privileged users by providing the users with a different login URL and allow only a single sign-in attempt
  • Ensure a secure connection by using Wi-Fi Protected Access 2 (WPA2). Provide a secure VPN connection to remote workers.
  • Ensure continuous backups of sensitive information
  • Train employees to detect and avoid phishing and other social media attacks, explain how criminals may use social engineering for cracking passwords, and encourage employees to avoid sharing information that could be exploited for attacks.

Similarly, when partnering with service providers such as document scanning companies, businesses must make sure that they have strict security measures in place.
