Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

6/22/2016
03:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

OneLogin Study: Employees Exposing Employers to Security Risks

SAN FRANCISCO, Calif., June 21, 2016 - OneLogin, the identity management provider bringing speed and integrity to the modern enterprise, today announced new research that demonstrates that U.S. employees have digital device practices that are exposing their employers to increased security risks.

According to research conducted by Arlington Research, on behalf of OneLogin, based on a survey of 1,022 respondents in the U.S. in May 2016:

  • Employees are putting corporate networks at risk: 13 percent let their colleagues use a device that can access their employer’s network. Nine percent allow their partners to access such a device, and one percent even permit their children to use such a device.
  • Password-sharing is rampant, with 20 percent of employees sharing their work email password, and 12 percent sharing passwords to other work applications. Nearly half of all employees are unaware of any company policies around sharing of these passwords.
  • Mobile device security is lax. One in five employees do not have any security software on their work devices, beyond what ships with the operating system.

“Security breaches are a near-daily occurrence in the news. Given that it takes only one compromised account to lead to a breach, these lax security practices are troubling, especially when you consider that they could take place at your bank, at your children’s school, or in your local government. A breach at one location can lead to others, especially with bad password habits like password reuse,” said Alvaro Hoyos, Chief Information Security Officer at OneLogin. “Technical controls should be put in place to ensure only authorized workers are accessing data securely and these should be reinforced with security awareness efforts as well. For example, using single sign-on and identity management solutions to enforce role based access and step up authentication establishes a strong security foundation, and coupling that with periodic security awareness training or simple reminders, strengthens that foundation.”

Nowadays, companies have a plethora of security solutions available to help manage these threats. Compiling a comprehensive list would be a daunting task, so here are a few practical ones that you can easily deploy:

  • Multifactor Authentication (MFA), which prompts employees to authenticate using their phone when they log into applications remotely. This is especially useful for modern enterprises, since 55 percent of workers access work applications away from the office, according to Arlington Research.
  • Security policies, that are not too onerous for employees and are commensurate with the risks and the importance of the asset being protected. Meaning, sometimes deploying a drawbridge will get the job done better than a crocodile filled moat.
  • Awareness, awareness, awareness. All the moats in the world are not going to protect you from employees bringing their canoes to work that don’t know or understand the purpose of the moat. Not only should employees be made of aware of company policies, they should also know how it can impact their personal lives as well. To be blunt, if employees understand they have “skin in the game” in both their personal and professional lives when it comes to security, they will take security awareness training more seriously and this will improve knowledge retention as well.

“OneLogin’s mission is to enhance the security of the modern enterprise, which is becoming increasingly borderless as employees embrace remote work,” said Al Sargent, Senior Director at OneLogin. “The rampant use of mobile devices to access corporate applications means that companies cannot rely on perimeter security; they must secure at the point of authentication. Thankfully OneLogin makes it easy for IT teams to adjust to this new reality.”

Resources

About OneLogin, Inc. 

OneLogin brings speed and integrity to the modern enterprise with an award-winning single sign-on (SSO) and identity management platform. Our portfolio of solutions secure connections across all users, all devices, and every application, helping enterprises drive new levels of business integrity and operational velocity across their entire app portfolios. The choice for innovators of all sizes such as Condé Nast, Pinterest and Steelcase, OneLogin manages and secures millions of identities around the globe. We are headquartered in San Francisco, California. For more information, visitwww.onelogin.comblogFacebookTwitter, or LinkedIn.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20663
PUBLISHED: 2021-03-05
Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and ea...
CVE-2021-20664
PUBLISHED: 2021-03-05
Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlie...
CVE-2021-20665
PUBLISHED: 2021-03-05
Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and ear...
CVE-2021-28031
PUBLISHED: 2021-03-05
An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function.
CVE-2021-28032
PUBLISHED: 2021-03-05
An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow<Idx> behaves in certain ways. This can have a resultant out-of-bounds write or use-after-free.