Sophos

26 April 2006

Employee password choices put business data at risk, Sophos poll reveals

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, are strongly urging companies to educate their employees on the importance of choosing unique and multiple passwords to thwart the onslaught of cyber criminal activity in the workplace.

A web poll of more than 500 business PC users*, conducted by Sophos, has revealed that only 14% use a different password for every website they access. A worrying 41% admitted to using the same password all the time, and 45% admitted that they had a small handful of different passwords to choose from.

Survey results

Do you use the same password for multiple websites?

Yes, all the time: 41%
I have a few different passwords: 45%
No, never: 14%


"It is madness to use the same password for accessing a website which tells you the football results, as the one which gives you access to your online bank account," said Graham Cluley, senior technology consultant for Sophos. "If hackers manage to steal your password, and you use the same password for all websites, then it's giving them an open invitation to steal your identity and leave you with a large hole in your virtual wallet."

A further 500-strong poll, asking system administrators whether their users chose weak, easy-to-crack passwords, reveals that nearly three quarters of employees are falling into this trap.

Survey results

Do your company's users choose weak passwords?

Yes: 72%
No: 11%
Don't know: 17%


"Company defenses are only as strong as the weakest link in the chain - which can often be the users. If users decide to make their password the name of their girlfriend, favourite football team, or pet goldfish then they are risking business data. Similarly, they need to be educated not to choose dictionary words which are easy for a hacking program to crack," continued Cluley. "Cyber criminals are becoming increasingly canny at finding ways of exploiting vulnerable users and pilfering funds. By ignoring, or not realising how easily fraudsters can crack weak passwords, some employees are practically handing their private information over on a plate. Users must be vigilant in choosing multiple, unpredictable passwords to ensure the security of business networks and personal data."

Sophos continues to recommend companies protect their desktops and servers with automatically updated anti-virus protection, and educate their employees on safe computing, including the intelligent use of passwords.

* Sophos web poll, 533 respondents, April 2006

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com