Microsoft study shows poor employee habits threaten cybersecurity

18 Feb 2019


Research from Microsoft Ireland and Amarach shines a light on poor security habits in Irish organisations that increase the risk of cyberattacks.

Microsoft Ireland has today (18 February) warned that poor cybersecurity habits within large public and private sector organisations across the island are increasing the risk of data breaches and intellectual property loss.

Amarach Research was commissioned by Microsoft to investigate the cybersecurity culture within Irish organisations in an effort to understand how employees accessed and used sensitive data while at work and on the go.

Answers from 700 employees working in Irish organisations employing more than 100 staff have revealed potentially dangerous habits, which could compromise the security of important information. According to the research, only 54pc of respondents within large Irish organisations reported receiving cybersecurity training once a year.

Poor password habits

Poor employee password hygiene was also a pattern in the responses. Only 16pc of employees have updated their passwords in the last 12 months in line with company policies.

In general, passwords have become far too easy to guess or steal and 22pc of respondents write down their passwords. Two out of five people recycle their work passwords and 44pc recycle their personal passwords.

This means employees are potentially using the same weak passwords across professional and personal accounts. Three out of five employees surveyed say they would welcome biometric verification instead of passwords.

The danger of a USB key

USB thumb drives may seem innocuous, but they can be used to compromise machines. 25pc of those surveyed admitted to plugging in a thumb drive that was not company property into their work device. This creates a risk of company data falling out of view, broadening the attack surface.

5pc of people connected a smartphone that didn’t belong to them to their work device. According to Microsoft, 81pc of major data breaches last year could be traced back to identity compromise alone.

30pc of employees have been notified about a breach of their personal data and 44pc have experienced issues with phishing, hacking, cyber-fraud or other cyberattacks happening in their personal and professional lives.

Better cybersecurity measures

“Organisations can invest in robust data protection and security measures, but their employees could, accidentally, bring about a potential security disaster for their organisation,” said Des Ryan, Microsoft Ireland solutions director.

He added that the most common and least detected sources of data breaches are compromised identities. “Passwords can be hacked, guessed, leaked or lost. New technologies like biometric security can deliver the robust security required to protect organisations from most social engineering attacks.”

Ryan implored organisations to take a considered approach to data security, new technologies and consistent training. Enforced policies around cybersecurity are also crucial, as well as better device upgrades to “enable employees to deliver the productivity needed for successful transformation with a minimum of risk to the organisation”.

He warned that employees are creating “needless security risks” as they are unaware of issues, or are working from older devices or older versions of Windows. Ryan said that those who are working “in a public Wi-Fi spot who do not have the latest security measure or hardware are, in effect, broadcasting sensitive data that can be picked up by a hacker”.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects