Procurement · 30 September 2015

Younger employees’ casual approach to passwords is putting business security at risk

Many employees share their passwords on scraps of paper and post-it notes
Many employees share their passwords on scraps of paper and post-it notes

Many workers have admitted to being lax with employers’ confidential information in a new report by Dashlane, with younger workers likely to cause “real headaches for owners of small businesses”.

The password management platform Dashlane, conducted a study looking into the use of passwords in the workplace and found too many employees were “suffering from a state of digital indifference”.

Dashlane’s CEO, Emmanuel Schalit, said employees “have to be the first line of defence from external threats, whether there are IT departments in place or not, through effective password security”. Despite the fact hackers have become more sophisticated and cyber crime has been getting more attention, Schalit feels too many employees are too casual when it comes to IT security.

From the study, it emerged many were lax in their handling of employers’ sensitive and confidential information. Of the 1,000 people surveyed in the UK, 44 per cent said they could access a former employer’s systems through old, unchanged passwords. Nearly three quarters (70 per cent) admitted they didn’t have or didn’t know their employer’s policy on sharing passwords.

Despite being digital natives, young people were most likely to put their employer’s company at risk when it came to security, with 68 per cent of those aged 16-24 saying they had shared a password with a colleague. Dashlane said younger respondents were the most casual in their approach to password security and password management practices.

Another repeated misstep came to lack of frequent updating of passwords – 44 per cent of people said they could access an account belonging to a previous employer. While this could be as simple as accessing a newspaper subscription with an old log-in, Dashlane pointed out there are circumstances where this could be hugely risky.

Nearly 30 per cent of those surveyed said their employer never changed passwords, or only did so when there was an issue.

Password sharing, while more rife among younger employees, was a universal problem, as over half of respondents admitted they had shared a password with a colleague at some point. Dashlane said practically, individual specific log-ins weren’t always possible, but “reports of using post-it notes and unsecured shared spreadsheets are all too common”.

Over a quarter of workers aged between 16-34 said they had written down passwords on scraps of paper, while others had shared theirs across email and text messages.

Employers have a responsibility to provide more formal guidance on existing rules regarding password policy, “resulting in a situation where the path of least resistance becomes conventional practice”.

Guillaume Desnoës, head of European markets at Dashlane, said: “Our report reveals a lackadaisical approach to the management of company confidential data, which is being driven by the influx of millennials entering the workplace. This could soon cause real headaches for the owners of small businesses.”

He added that more needs to be done to educate both business leaders and employees on the significance of the data they’re entrusted with, and the importance of effective password policies to protect it. “Password sharing can make a company so much more efficient, but it needs to be handled properly,” he said.

Sign up to our newsletter to get the latest from Business Advice.



Rebecca is a reporter for Business Advice. Prior to this, she worked with a range of tech, advertising, media and digital clients at Propeller PR and did freelance work for The Telegraph.