According to the research, more than half of all business owners (51%) are ‘unconcerned’ with the security of their corporate systems, with one in four readily admitting to reusing the same username and password across all their corporate and personal accounts, from their Facebook page to their confidential corporate systems.
A dramatic increase in the online activity of business owners is compounding the risks. Four out of five business owners now regularly use up to 50 websites that require a username and password whereas just five years ago, the vast majority (73%) accessed just 20 or less. Doing more online with the same username and password greatly increases the chances of a fraudster, data thief, saboteur, or even a disgruntled employee, obtaining these details and exploiting them for criminal gain.
67% also admitted to keeping a written log, or using a system of their own devising, to help them keep track of the usernames and passwords they use regularly.
“Just as the government is waking up to cybercrime we discover that company bosses are half asleep,” comments Chris Russell, VP Engineering, Swivel Secure. “The problem is that business owners think that cybercrime is something that happens to other people, without appreciating the value of the data they hold and the motivations of people who may want to access it. They read about security breaches at big multinational firms like Google and LinkedIn, but don’t realise that these same login details are probably also being used to access their own systems. It’s time business owners realised that usernames and passwords are actually not secure at all.”
“It’s a big problem that’s getting worse; company data is more at risk than ever before,” continues Russell. “Bosses and employees now want to connect their smartphones and tablets to their work systems. Flexible working is gaining in popularity, so more of us are logging in remotely. Too often, new working behaviours like these are still only protected by outdated username and password gateways. And when, inevitably, they are shared, lost, leaked or stolen, it really doesn’t matter how impenetrable your corporate firewall is because you’ve done the digital equivalent of handing over the keys to the safe.”
Perversely, almost three quarters of business owners (73%) confirmed that they do, in fact, keep track of online security threats like hackers, trojans and viruses, suggesting that the strength of their own access credentials isn’t even registering with them as a potential weak point in their security.
“The government claims cybercrime costs the UK economy £27 billion a year,” adds Russell. “That’s the equivalent of building one of Boris Johnson’s Thames Estuary airports every twelve months. You can’t help but wonder how much of that could be saved if business owners took a few simple steps to transition to a 21st century system for authenticating users and protecting their corporate data.”
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.