According to the results of a recent survey of more than 2 000 office workers in the US and UK, fully 93% of respondents engage in unsafe online behaviour that could jeopardise their employer’s or their customers’ data, and 97% of respondents have access to sensitive or confidential company information.
The survey, conducted by Precision Sample and commissioned by Intermedia, also found that IT professionals are actually more likely to engage in risky behaviour than the average employee – 32% of IT pros have given their login credentials to other employees, compared to 19% of all respondents.
Richard Walters, vice-president of identity and access management at Intermedia, says that IT personnel have the benefit of knowing how to get around security controls. “It’s sometimes done with the best intent, but nevertheless with a complete lack of consideration for the risk or security implications,” he says.
Similarly, 28% of IT professionals admitted having accessed systems belonging to their previous employers after they left a job, compared to just 13% of all respondents. And 31% of IT professionals say they would take data from their company if it would benefit them personally – almost three times the rate for all respondents.
The survey also found that among age groups, millennials are the most likely to install apps without company approval, save company files to personal cloud storage, and engage in other risky behaviour.
Surprisingly, the survey also found that long-term employees (seven years or longer) tend to introduce greater security risks overall – 23% of long-term employees have shared login credentials with co-workers, compared to 9% of new employees. And 23% of long-term employees have deployed free or paid Web apps without consulting IT, compared to 13% of new employees.
“Security policies are most effective when employees don’t even have to think about them,” Intermedia CTO Jonathan Levine says. “That’s why it’s so important to provide tools that make it easier to follow the rules, like single sign-on portals or enterprise-class file sharing.”
“The simpler it is for employees to be productive using company sanctioned tools, the more likely you are to deter the kinds of practices that put the company at risk,” Levine adds.
A recent eSecurity Planet article examined the importance of offering security training to employees.
By Jeff Goldman for www.esecurityplanet.com