Poor Cybersecurity Practices Put Organizations’ Security at Risk

A recent survey commissioned by Mobile Mentor has revealed poor cybersecurity practices are commonplace working in highly regulated industries and those bad practices are a major threat to security.

The survey was conducted by the Center for Generational Kinetics on 1,000 employees in the United States and 500 in Australia, all of whom worked in healthcare, education, finance, or the government. The study examined the endpoint ecosystem and employee experiences. The endpoint ecosystem is defined as all the devices, apps, and tools used by employees.

The survey revealed there is a tradeoff between security and the employee experience and companies have found it difficult to balance security with usability, especially during the pandemic when they have had to switch to a largely remote workforce. Unfortunately, many employers struggled to adapt their security policies to suit different working practices and make them user-friendly.

Many employers were unprepared for the sudden change to remote working. There was a lack of devices to support home working and the pandemic also resulted in chip shortages and supply chain issues, which meant many employers had to rely on employees using personal devices for work purposes and had to implement BYOD policies.

The use of personal devices for work purposes is a security risk and the risks of using those devices have not been fully addressed by many employers. According to the survey, 64% of employees use a personal device for work, yet only 43% have BYOD securely enabled.

IT departments are failing to address the problem of shadow IT – apps and services that have not been authorized for use by employees. It is common for employees to resort to unapproved apps to enhance productivity. 53% of workers said they think they are more productive when they use non-work apps such as Gmail and Dropbox, even though those services can be a security risk and are not compliant for use with sensitive data, such as healthcare data covered by the Health Insurance Portability and Accountability Act (HIPAA).

Employers have introduced security policies that 41% of employees find restrict how they do their job. 36% of employees said they have found a way to bypass security policies as a result. The survey also revealed passwords are a major liability and the security risks associated with passwords are not being addressed.

One of the biggest problems is the sheer number of passwords employees need to have. It is not possible for most employees to think of secure, unique passwords for all accounts – personal and work – without taking some password security shortcuts that are bad for security. One of the biggest risks is choosing passwords that are easy to remember. 69% of respondents opted for easy-to-remember passwords, even though that makes it easy for hackers to guess them. 29% of employees said they write their passwords down in a journal and 24% store passwords on their phones. If the journal or phone is stolen, all accounts could be compromised.

The easiest way for employers to address these common password issues is to provide employees with a password manager. These are relatively low-cost solutions that can significantly improve security. With a password manager, employees do not have to remember passwords, as they are all securely stored in a password vault and are automatically filled when needed. Password manager solutions also have password generators, that ensure strong, unique, difficult-to-guess passwords can be set for all accounts. While these solutions can significantly improve security, only 31% of respondents said they used a password manager.

The survey also revealed there is a lack of security awareness training and employees are often not aware of security policies. 27% of employees said they saw their employer’s security policies less than once a year, and 39% of employees said they were provided with security awareness training less frequently than once a year.

“When the endpoint ecosystem works well, you have a secure, productive, and happy workforce,” said Denis O’Shea, founder of Mobile Mentor. “Until employers prioritize the importance of each component within the Endpoint Ecosystem, their company security and employee productivity are going to be exposed to serious risk.”

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news