One in Three Employees Sidestep or Bypass Security Policies
It’s no secret that human error is a major contributor to security lapses. But the extent of that risky behavior can be eye-opening.
A new study by mobile security specialist Mobile Mentor shows just how far employers have lagged behind changes in distributed workforce behavior. According to the research, entitled The Endpoint Ecosystem, password hygiene among employees is “risky,” on-boarding of new employees is “inefficient,” and Shadow IT is “out of control.” The authors define the Endpoint Ecosystem as the combination of all the devices, applications and tools plus the employee’s experience using that technology and the trade-offs between security and employee experience that every employer must face.
Of the study’s 1,500 employees across the healthcare, finance, education and government sectors in the U.S. and Australia, 36 percent admitted to finding ways to work around security policies and 72 percent value their personal privacy over company security. All four industries are high risk and highly regulated.
The study’s additional key findings:
- Employees have too many passwords and their passwords are a huge liability: Only 31 percent of people use a password management tool. Twenty-nine percent of employees write their work passwords in a personal journal and 69 percent admit to choosing passwords that are easy to remember.
- Employees are routinely using unapproved apps (Shadow IT) for work activities that may contain sensitive data: More than 41 percent of employees say security policies restrict the way they work and 36 percent admit to finding ways to work around security policies.
- Fifty-three percent of workers believe they are more efficient using non-work apps like Dropbox and Gmail.
- The employee on-boarding process is clunky, especially for remote employees: It takes an average of three days to get a new employee fully set up on their devices and requires three support calls.
- Sixty-four percent of employees use a personal device for work but only 43 percent of those devices are securely enabled.
“When the endpoint ecosystem works well, you have a secure, productive and happy workforce,” said Denis O’Shea, founder of Mobile Mentor. “Until employers prioritize the importance of each component within the Endpoint Ecosystem, their company security and employee productivity are going to be exposed to serious risk,” he said.
MSSPs and Mobile Customer Security
For MSSPs, the research provides a timely reminder to focus on such areas as:
- Mobile Device Management (MDM) and Remote Monitoring and Management (RMM) for remote PCs, notebooks, tablets and smartphones.
- Identity and access management (IAM) for customers’ employees and contractors/partners.
- Security awareness training for all customers regardless of their physical location.
- Application security for all cloud services — IaaS, PaaS and SaaS.