Employees are twice as likely to take risks on work devices than they are on personal ones: survey
- Published: Thursday, 14 April 2016 08:33
WinMagic, Inc. has released the results of a new study analysing the disconnect between end-user employees and IT managers, when it comes to information security.
Two simultaneous studies polled 1000 employees and 250 IT managers respectively from businesses across UK to discover the importance of IT and data security in the workplace. Rifts in perception versus reality between these two groups revealed habits and knowledge-gaps that compromise UK plc’s cybersecurity.
High-profile breaches have prompted action:
In the wake of high profile data breaches such as TalkTalk, employees and senior management are more aware of the importance of data security; and are taking action. Correspondingly, 44 percent of employees feel their organization has placed greater emphasis on data security, and 60 percent of IT Managers admit to having taken action as a direct result of high-profile breaches:
- The majority of employees (31 percent) describe themselves as the biggest IT security threat to their businesses, followed by hackers (30 percent);
- Conversely, IT managers believe hackers represent the greatest threat (37 percent) followed by employees (24 percent) and a lack of rigid security policies (22 percent);
- Overwhelmingly employees (92 percent) and IT managers (92 percent) agree that IT and data security is important to their business;
- A worrying 12 percent of employees suggest that they never received any training or communication on data and IT security despite 80 percent of IT managers claiming to communicate or train on the subject once a year or more.
The call for democratised responsibility:
As employees become more aware of the impact of data breaches, and the need for IT security, they are developing a greater sense of responsibility for protecting company data. Despite a slim majority (41 percent) believing that the IT team remains mostly responsible for data security; over a third of employees (37 percent) believe that everyone is responsible for it. IT managers themselves, however, are least likely to apportion responsibility for security to those outside of the IT team with only 10 percent suggesting that IT Security is everyone’s responsibility.
Feeling responsible doesn’t mean acting it:
Whilst 80 percent of employees believe methods they use to store company data are somewhat or wholly secure, IT managers remain unconvinced. They are most concerned with security, and the habits of employees, when it comes to storing company data on personal hardware or in cloud environments.
- 25 percent of employees are actively storing work data on private cloud services, whilst 15 percent are using personal hardware;
- The majority of IT Managers (63 percent) state that they are concerned about employees storing company data on private cloud; on personal hardware this rises to 68 percent;
- Portable storage devices continue to be a preferred storage option for company data for 20 percent of employees; alongside company hardware (52 percent);
- Few IT Managers believe their organizations’ data is completely secure in private cloud (13 percent) or public cloud (11 percent) environments, believing that weak passwords (34 percent) and users forgetting passwords (35 percent) represent the biggest security challenges here.
Employees are up to twice as likely to take risks on work IT equipment then they are on their own devices but they aren’t alone in that habit. IT managers themselves admit to being even more likely to undertake risky data handling practices than regular employees.
- Five percent of employees would be ‘very likely’ to open an email from an unknown sender on personal devices; jumping to ten percent on work equipment
- Fourteen percent of employees would be ‘very likely’ to open e-mail attachments with unrecognised file extensions including .exe extensions on personal devices; jumping to 27 percent on work equipment. For IT managers it is a much more worrying 42 percent and 43 percent, respectively.
Businesses are unwittingly assuming business and personal cyber risk:
As employees take more risks in handling data at work than at home so too are they likely to feel that personal data storage is more secure at work. When asked where they felt their personal data was most secure employees favoured work IT equipment (37 percent) over personal equipment (23 percent) or in the cloud (11 percent).
WinMagic’s surveys were undertaken in April 2016 by independent research company OnePoll.