Despite compromised credentials leading to a majority of cyberattacks, almost half of IT and cybersecurity leaders say they still store passwords in shared office documents despite nearly all requiring password management and security training of their end users, according to new research from cybersecurity software provider Hitachi ID.
The Calgary-based firm’s report found that 46% of respondents primarily store passwords on shared office documents, which is an insecure way of managing passwords and can lead to cyberattacks.
Less than a third (30%) say they use a company-provided password manager, and 15% use a personal password manager. Meanwhile, 8% physically write passwords on sticky notes or notebooks.
Suggesting that IT leaders aren’t practicing what they preach, the report found that 93% require password management and security training of their end users, and 63% hold such training more than once a year.
This insecure way of storing passwords can create challenges when an employee leaves the organization or is terminated, as just 33% of leaders said they were at least “somewhat confident” that employees are not taking their enterprise passwords with them, and 67% said they were either slightly confident or not confident at all.
Those password security figures improve slightly when asked if they can secure account credentials if an employee is terminated, with 47% saying they are at least somewhat confident in their ability to do so. Still, a sizeable portion are less confident, with 53% saying they are not confident or are slightly confident.
When asked for real examples of this happening in their organization, 29% of respondents said the had incidents in the past year where the organization lost access to production systems after an employee left, per the report.
As companies are struggling with high turnover rates in the wake of the COVID-19 pandemic, leading to the Great Resignation, organizations need to take steps to better secure their employees’ credentials.
“It raises an important question about how effective password management training is when nearly half the organizations are still storing passwords in spreadsheets and other documents, and 8% write them on sticky notes,” said Nick Brown, CEO at Hitachi ID, in a statement. “Insecure passwords are still a leading cause of cyberattacks, and education alone is clearly not enough. More companies need to follow the lead of the 30% who report that they store passwords in a company-provided password manager.”