Ever get so comfortable doing something that you end up cutting corners? That’s what Mike Kane says is happening to your tech-savvier employees when they are accessing cloud applications.
“We found that the more users accessing SaaS applications were a bit more irresponsible with password security,” said Kane, director of business development for SaaS at Softchoice, a North American IT solutions and services provider. “Because they are accessing so many applications, it is harder to manage all the passwords, so it became more convenient or efficient to reuse some of the same passwords or have them on a Post-It or spreadsheet.”
That’s right folks, compared to those who don’t use cloud applications for work, tech-savvy cloud users were found to be twice as likely to store account passwords on Post-It notes. And the recent Softchoice survey also found that one-third of this group has downloaded an app without their IT department’s approval.
Softchoice surveyed 1,000 full-time employees in the U.S. and Canada about their password security, file transfer and IT compliance habits at work, exploring how the cloud is changing the way we work and how IT departments can address this shift.
As someone who has both put passwords on a Post-It and downloaded something without asking, it didn’t come as a surprise. And it also isn’t one for the friendly, corporate IT worker.
Alan Henry, in an article for Lifehacker, wrote that colleagues would often send a help request only to have left for the day and locked out their computer. “Fortunately, I was often able to fix their problem while they weren’t there. Why? Their password was somewhere on their desk.”
He’s found passwords all over the desk – under the phone, under the mouse pad, on the monitor and where an employee thought would be the best hiding place, on a Post-It under the desk.
The problem is also generational. Millennials were the heavier users and because of that, 28 percent kept passwords in plain sight versus 11 percent for Baby Boomers, Kane said.
“Millennials are trying to be more efficient,” he said. “They are more apt to work from home, and they want access to their data, and to do that, they do less secure actions to be more efficient.”
It also comes down to patience, and it has been well-documented how impatient Millennials can be. Kane said they are used to pulling down applications outside of their work life, so they are trying to do the same in their business life.
Another finding from the survey was that users who want to access remotely don’t have as good behavior of security. When employees aren’t within the four walls of the office, they need access to data, so they do things like email it to themselves for later, Kane said.
One of the recommendations he has for solving the issue is to have employees choose an identity management system that will add an extra layer of security. Companies should also have a password policy that is regularly communicated to employees.
In addition, he suggests companies, if possible, create a single sign-on so employees only need to connect to one place to have access to all of the applications.
Kane also said the IT person has to adapt and adopt technologies and not block them.
“Behaviors are happening no matter what, so put the right solutions in place,” he said. “Remind employees about them and communicate why so people understand more.”
And if there’s a Post-It with passwords on it anywhere around your desk, now might be a good time to find another alternative.