Virtually all office workers–99%–admit to making at least one action that could threaten a company’s cybersecurity, a new report from Intermedia found.

Out of more than 1,000 office workers interviewed, nearly all said they did at least one potentially dangerous activity, such as sharing or autosaving passwords or sending work documents to personal accounts or devices.

Specifically, 24% said they use the same login information for work and personal accounts, and 96% said they automatically save passwords for work accounts on their work devices.

SEE: Guidelines for building security policies (Tech Pro Research)

About two-thirds of office workers said they send work documents from a company account to a personal email account at least once weekly, the report found. This may expose confidential business data or information to even more vulnerabilities, especially if the personal account is not encrypted.

Additionally, 49% of IT workers said they accessed company documents after leaving the company, up from 28% in 2015.

Risky document-based decisions extend into storage, the report said. More than half of workers store files on their desktop, and 34% store work documents using sync-and-share services, allowing them to access the documents from personal accounts even after they’ve left the company.

These seemingly minor actions often ignore data security best practices, potentially putting employees’ current or former companies at risk. With data breaches causing concern among tech executives, 23% of employees are worried someone outside of the company could access work files, the report found. But the concerns don’t seem to impact actions, with the findings suggesting workers prioritize convenience over cybersecurity.

“When employees do not properly back up files, choose to use the same password across multiple accounts, or send confidential materials to their personal accounts, their companies are left exposed and vulnerable not only to data loss, but to serious financial and legal implications as well,” Jonathan Levine, CTO at Intermedia, said in the press release.

SEE: Cybersecurity in an IoT and mobile world (free PDF) (ZDNet/TechRepublic special report)

Some actions, especially those involving file storage, can leave data “unnecessarily vulnerable,” without a backup or recovery option. Intermedia recommended employee education and “sweeping changes to habits, policies, and procedures” to protect security networks and company data.

“Organizations need to recognize that getting employees to change their behavior won’t happen overnight,” Levine said. “Instead, companies need to offer solutions that protect confidential information with minimal impact on an employee’s daily workflow, such as automated backup and 2-factor password requirements. The most effective security measures are often ones that employees don’t even know are in place.”

The 3 big takeaways for TechRepublic readers

  1. Almost every office worker has taken an unsecure action that could put a company’s cybersecurity at risk, a new Intermedia report found.
  2. Common infractions include reusing login credentials, sending work documents to personal accounts, and storing files on a desktop.
  3. The findings suggest how humans can be a company’s biggest security vulnerability. Companies may need to reevaluate cybersecurity policies and how they are enforced to avoid worker-caused security issues.

Also see