A recent survey of nearly 200 information technology (IT) security professionals conducted by Cyber-Ark has revealed that:
● 28 percent of survey participants keep their administrative passwords in their heads and 38 percent still resort to writing down their passwords and storing them on paper
● Less than a third (32 percent) are storing administrative passwords digitally. The remainder continue to use labour-intensive, manual processes, including paper copies stored everywhere from locked cabinets to physical safes
● 22 percent of respondents estimate that their colleagues are still keeping passwords on Post-It Notes while 14 percent use unsecured Excel spreadsheet files – making it relatively easy for an infiltrator to access the administrative passwords
● Only 40 percent of all security professionals change administrative passwords monthly or more frequently; 30 percent change them quarterly and a staggering 15 percent never change IT administrative passwords.
● One in five companies have seen an increase in auditing of their security practices due to recent legislation.
● 33 percent admitted they don’t change their critical passwords as often as their policy suggests.
However, on a more positive note, the survey found that recent legislation and standards to tighten up on security, such as Sarbanes-Oxley and PCI, have had a positive effect on the IT department. Eighty-one percent of respondents felt that these rules and regulations had been “very positive”, giving them the impetus to update and upgrade systems in order for their IT departments to “fall into line”.
This News item appeared in issue 107 of JTW News - July - August 2006