The study, by Netherlands-based VPNOverview, revealed that two-thirds of businesses may still be leaving themselves open to cyberattacks because they lack (or do not enforce) password rotation policies; 63% of employees polled admitted to using the same passwords even when they rotate them.
Where companies have password rotation policies in place, 45% of employees confessed that they did not know the policies existed. Of those who knew about their company’s password protection policies, 57% revealed they did not adhere to them by regularly changing their password; of those who did adhere, 63% used the same passwords on rotation.
For the companies without password rotation policies, only 7% of employees bothered to regularly rotate or change their passwords. The main reasons workers cited for not changing their passwords were that they worried about forgetting their password (57%), that regularly changing passwords was annoying (48%), and that they did not see the point (45%).
Surprisingly, the research also found that managers were more likely to not follow password rotation policies (38%), with entry-level employees not far behind (34%).
Business sectors leaving themselves most vulnerable to cyberattacks by not regularly rotating passwords were found to be accountancy and finance (34%), construction (31%) and education (26%).
David Janssen, security researcher and founder at VPNOverview.com, said: “Password rotation is such a simple policy that both businesses and employees can put in place to safeguard and protect their work. Changing your password every two to three months is a really effective way to deter cyberattacks, and although… some may find it frustrating, it could save a lot of heartache down the line.
“It was shocking to see that so many workers didn’t realise what the point in regularly changing their password is, and it’s clear from our research that companies and employees alike need to be educated on the importance of implementing policies such as these.”