Cybersecurity in Financial Services: Poor Password Hygiene, Shadow IT

The pandemic has changed the nature of the workforce, and employers are failing to meet the cybersecurity demands of the new environment. “Companies are getting hacked, employees are quitting, and the battle for talent is heating up,” according to research from Mobile Mentor.

The Endpoint Ecosystem study explores how employees perceive privacy, security, productivity, and personal well-being in the financial industry. The goal of the study is to educate and inform employers on how to prevent security breaches and then attract and retain motivated employees. The researchers define the endpoint ecosystem as the combination of all devices, applications and tools, as well as the employee experience using this technology.

The study drew three conclusions:

Finance is more security conscious than other industries. Finance employees have a healthy fear of data breaches, seem to understand the need to protect company data, and regularly receive security awareness training.

  • Three-quarters of finance employees believe they will be fired for a data breach.
  • Sixty-eight percent think their executives should be fired for an offense.
  • Forty-two percent know someone who exposed their employer to a breach.

These figures are much higher than for health care, government or education workers.

Forty-two percent believe they have not received enough security awareness training, although data shows that 83% of finance employees receive monthly or quarterly training. Nearly 60% say they see a security policy every time they log on to their computer.

Thirty-seven percent of Gen Z employees admit to seeing a security policy the day they joined the company, but not reading it.

Finance has a password hygiene problem. Employees regularly record work passwords in their personal journals and on their personal phones. Seven out of 10 choose passwords that are easy to remember and 18% reset their password every day.

The good news is that finance has better password hygiene than other industries, but it’s still very poor.

  • A third write work passwords in a personal diary.
  • Three in 10 keep them in notes on their phone.
  • Forty-two percent keep them in Excel or Word on a PC.

The vast majority of cyberattacks begin with compromised credentials. The problem is worse for young workers: two in 10 manage more than 50 personal passwords and 50 work passwords, and 45% of young employees reset their password every day.

The more passwords a person has, the more likely they are to choose easy passwords with predictable patterns. Employers must either commit to not using passwords or provide their employees with a password management tool.

Finance has a shadow IT problem. Finance employees have a mature attitude towards workplace safety – until they go home. Forty-six percent allow family members to use their work devices. Half of finance employees bypass security policies and prefer to use unapproved apps and bring-your-own-device (BYOD) hardware.

Nearly half of finance workers have BYOD enabled, including 53% of remote workers and 29% of office workers. Eighty-five percent of employees believe their company respects employee privacy, but the biggest area of doubt and suspicion remains the management of BYOD.

Unsecured personal devices create a huge risk when data is exposed on an unmanaged public app or on an unmanaged device.

Shadow IT will get worse as remote work becomes the norm. Employers need to identify the right tools to empower employees and reduce their need for unapproved apps.

“Finance fares better in endpoint security than the other industries studied and deserves credit,” the researchers concluded.

“However, finance suffers from slow and inefficient onboarding of employees, likely due to the complexity of setting up their devices and the many applications needed to operate.

“Finance is challenged by the presence of Shadow IT, as employees perceive their security policies as an obstacle to their work. Finally, password management is a major problem for the financial sector.”