43% surveyed gave away PC passwords

Almost half of computer users in Dublin business districts gave away their PC password and other confidential information in …

Almost half of computer users in Dublin business districts gave away their PC password and other confidential information in an exercise carried out by Deloitte's enterprise risk services division, writes John Collins.

People were approached in coffee shop queues and asked a range of questions related to information security such as their full name, company, PC password, and whether or not they had received training security awareness training. Forty-three per cent of users revealed the password for their PCs.

Colm McDonnell, the partner with Deloitte responsible for the survey, said the results were disappointing. "If you have someone's full name, company and password, it is relatively easy to guess their user name and log on to their network," he said.

This cavalier approach to information security is prevalent not just among those who have not received training from their employer. Of those that had received security awareness training, 42 per cent still revealed their passwords.

READ MORE

The survey also investigated how people chose their password. Forty-one per cent of respondents chose a familiar name such as their own name or that of a pet or close relative.

On a more positive note, 84 per cent of respondents use a mix of words, numbers and characters and 85 per cent change their passwords on a regular basis - or at least when prompted.

But, crucially, 61 per cent of people who change their passwords on a monthly basis use the same password with a slight variation.

"Every member of an organisation needs to understand their role in safeguarding the company's data," said Mr McDonnell.

"The lack of security awareness that this survey shows, coupled with the increasing sophistication of threats posed, means that companies must continually invest in improving their posture through the use of available security technologies and additional security training."