1 in 4 Workers Are Aware Of Security Guidelines – but Ignore Them
1 in 4 Workers Are Aware Of Company IT Security Guidelines but Don’t Follow Them
An alarming percentage of workers are consciously avoiding IT guidelines for security, according to a new report from Symphony Communication Services.
The report, released this morning, is based on a survey of 1,569 respondents from the US and UK who use collaboration tools at work. It found that 24% of those surveyed are aware of IT security guidelines yet are not following them. Another 27% knowingly connect to an unsecure network. And 25% share confidential information through collaboration platforms, including Skype, Slack, and Microsoft Teams.
While the numbers may at first appear alarming, there's another way to look at them, says Frank Dickson, a research vice president at IDC who covers security.
"What I see is a large percentage of workers who view security as an impediment," Dickson says. "When security gets in the way of workers getting their jobs done, people will go around security. Companies need to provide better tools so people can be more effective."
Jonathan Christensen, Symphony's chief experience officer, says that's what Symphony was hoping to find out in doing the survey.
"The classic trade-off is that the more the security, the more clunky and cumbersome the product becomes," Christensen says. "We believe that companies don't have to make that trade-off."
When security pros look for collaboration tools, they should ask vendors whether they offer end-to-end encryption and can administer the keys locally, he says.
"Remember that in a collaboration tool, all the information transmitted is business-critical," Christensen says. "It can be everything from financial data, HR information, and customer account information, so you want to protect it end-to-end."
Survey respondents were also overly optimistic about the security capabilities of collaboration products, Christensen says. For example, 93% say they have confidence their communications and data shared over messaging and collaboration tools are adequately secured by their companies and are safe from hackers. In addition, 84% say they are at least somewhat confident their collaboration providers do not have access to their messages.
Symphony also found a generational shift in security attitudes between Baby Boomers and Millennials.
For example, the survey found that Millennials are:
2x more likely to share confidential information over messaging/collaboration apps.
3x more likely to download sensitive info or intellectual property from their companies.
2x more likely to talk badly about the boss over chat.
3x more likely to share company credit card or password information.
2x more likely to gossip about co-workers.
2x more likely to download a communications app not approved by IT.
Meanwhile, Baby Boomers are:
2x as likely to have never engaged in any of 10 risky security behaviors.
2x as likely to never discuss non-work matters over collaboration tools.
2x more skeptical than Millennials that vendors couldn't view their chats.
"Millennials grew up with social media and apps like Snapchat and are used to widely sharing information," Christensen says. "They take those attitudes into the workplace."
IDC's Dickson agrees that the contrast between generations offers some of the more interesting data from the report.
"The generations have had different experiences with computers,"Dickson says. "Most Baby Boomers have had the experience of a computer crashing and losing data, as well as being phished or hit with a virus. The Millennials are used to sharing. Computers and networks also work better and are more stable today, so not as many of them know what it's liked to experience a computer crash."
Related Content:
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.
About the Author
You May Also Like
A Cyber Pros' Guide to Navigating Emerging Privacy Regulation
Dec 10, 2024Identifying the Cybersecurity Metrics that Actually Matter
Dec 11, 2024The Current State of AI Adoption in Cybersecurity, Including its Opportunities
Dec 12, 2024Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024