Managing employee passwords is a struggle for most businesses in the U.S. and worldwide. It is costly maintaining healthy password security, but not having it can be enormously costly. According to the recent Verizon Data Breach Investigations Report, over 70% of employees reuse passwords at work. The report finds a staggering “81% of hacking-related breaches leveraged either stolen and/or weak passwords.” The solution? It’s not as easy as it may seem, but employee education and safe password practices for business are tops on the list.

Individual users reusing passwords at home is translating to their work environment. Even though 91% of people know reusing passwords is poor practice, 59% reuse their passwords everywhere – at home and at work. According to PixelPrivacy.com, Millennials aged 18-31 lead the lame password category parade, with 87% admitting they frequently reuse passwords despite knowing better. All of these stats show that despite knowing better, human nature in any age group or category is relentless password reuse. It’s unfortunate but true, especially when that lack of cyber safety crosses the line of similar practices at work. The financial cost to businesses is huge and the cost to customers having their data breached or stolen grows with each passing hack.

The Dropbox data breach resulting in 60 million user credentials being stolen started with an employee reusing a password at work – it’s that simple. Not applying a simple security patch cost Equifax somewhere between $450 and $600 million and countless hits to its reputation. Another 63% use their company mobile device for personal use as well. It’s no wonder when work and personal use gets blurred that data breaches don’t happen more often.

Even though employee negligence can lead to data breaches, that hardly lets businesses off the hook. Experts agree there needs to be a two-pronged approach to reach cyber-resilience. Bolstering and continually updating data systems is vital, but easier said than done. It costs money – often big money that a mega corporation may have in the bank to spend, but many smaller businesses don’t.

The second prong is continued employee education and awareness. Means and modes of hacking evolve over time, often very quickly. Keeping staff informed about the latest hacking trends and how to spot them can save a lot of grief. Simple common sense employee approaches to cybersafety are now a prerequisite for cyber-resilience. It’s a concerted, company-wide effort costing time and resources. When compared to the alternative, it’s an important start.