ThycoticCentrify surveyed 8,000 knowledge workers across 15 countries. The survey illustrated a tricky balancing act between security and productivity, with the assumption being that IT will always be the safety net.
The survey shows a strong disconnect between what we understand are secure behaviours and what we actually do.
79% of employees engage in risky behaviour despite knowing the dangers.
Thycotic report that employees believe they are not important enough to be targeted, so are more prepared to take risks. When it comes to deciding between productivity and security the former wins all too easily.
Here are two of the behaviours highlighted in the survey
First, 35% of people save multiple passwords within their internet browser across work and personal devices.
The danger of having a browser with passwords compromised is that criminals gain access to multiple passwords, both personal and work. That makes it easier to cross over from personal to work systems.
Seeing all of an individuals passwords gives criminals insights to any signature password patterns they use. That makes further hacks easier.
Secondly, 34% of people have sent a work document to a personal computer to work around a system malfunction. We know that remote workers have faced frustrations with systems and almost half report frustrations such as slow Internet connections, slow work devices and VPN connections. Sending a document to personal email may be good for productivity, but is a security problem.
The challenge in developing a shared security-first mindset is balancing the competing concerns of productivity and security. The survey has two revealing stats. 86% of respondents expressed a personal sense of responsibility to avoid cyber threats. Yet 51% also said the sole responsibility lay with the IT department. Technical solutions can only take security so far, there is also an important human layer.
Security tools and their implementation need to take into account the fact that change is hard to embrace. Unless they provide a good user experience there is a significant danger that secure tools will not equate to secure work.
You can download the report here.