A recent survey of 1,022 respondents, conducted by Arlington Research for OneLogin in May 2016, found what most of us already know: employees continue to be a high security risk for employers.
The survey shows that although companies are investing in ways to protect their data, cyber-attackers are getting access to company data through employees’ digital device practices.
The results of the survey show that 13 percent of U.S. employees allow their colleagues to use their company-assigned device, even though the colleague using the device does not have the same access rights. This negates the company’s ability to assign access controls based on employees’ roles in the company.
Further, 9 percent of the respondents allow their spouse/partner to use their company-issued device, and 1 percent allow their children to use their work-issued device.
On top of that, the survey confirms that employees frequently share their passwords with their colleagues and 12 percent share their passwords for other work applications, even though there are company policies against this behavior. Not surprisingly, the survey showed that almost 50 percent of the respondents were unaware of their company’s policy around sharing passwords.
Finally, the survey comments on how mobile device security is still a risk and is “lax.”
Some suggestions to combat the risks outlined in the survey are:
- Educate employees on the risks associated with sharing passwords and allowing colleagues and unauthorized individuals access to company data
- Implement multifactor authentication
- Consider implementing a BYOD program
- Develop security policies that are easy to understand and user friendly and give real life examples
- Train, Educate, Re-Train and Re-Educate your employees—and consider doing live education as computer training is pretty boring
- Assemble a Data Privacy + Security Team to develop continuous education and awareness for your employees so it is interesting, timely and understandable. The more you reiterate certain behaviors, the more they’ll hear the message and perhaps change their behavior; one-time training is easily forgotten
Most employees really do want to follow company policies, but reading company policies is boring. The key is to find a way to keep employees engaged and part of the solution in data protection.