A recent survey by a system security firm found that employees understand security best practices, but ignore them.
A majority of respondents were able to identify specific behaviors as risky, like using public Wi-Fi (63 percent); sharing passwords with family members (54 percent); and using their work computers for personal tasks (57 percent).
However, a large percentage reported they still engage in these behaviors. The survey results revealed that 42 percent expect to use public Wi-Fi, 24 percent will share passwords, and 30 percent are apt to use a designated work device for personal use.
Because 30 percent of respondents report using their personal device for work at least once a month and another 29 percent once a week, the lack of secure user behavior looks to be a significant issue.
Interestingly, respondents in the 16- to 24-year-old age group had the riskiest workplace security behaviors as compared to other age groups. Shannon Greenhalgh "Survey reveals employee behavior exposes security risks," www.misco.co.uk (May 9, 2016).
Whether employees regularly use their personal devices for work tasks or only occasionally access work files from a personal mobile phone or tablet, organizations need to protect their data with strong personal device usage policies. Such policies should require regular software updates, the use of strong passwords, and installation of anti-virus software. Policies should also discuss the risk associated with lost and stolen devices.
A large exposure is from mobile devices; specifically mobile devices lost or stolen that contain employer information.
A UK survey from 2011 found that one out of every ten laptops is lost or stolen over the lifetime of the device, and 70 million smartphones are lost each year. A more recent survey by Consumer Reports had similar results, with 3.1 million Americans reporting their smartphone stolen in 2013.
Today, mobile devices are used more frequently in the workplace and carry more sensitive data than ever before. Consequently, an organization’s risk from loss and theft of those devices increases. Ignoring the potential for system breaches and compromised data from device theft and loss could result in substantial costs to an organization, both financial and in terms of productivity.
Via: Hartford Help