For enterprise workers, convenience trumps security

Cybersecurity CSC Blogs

According to a recent survey, while employees are concerned about data security as well as the security of their own personal data, their attitudes toward security policies belies the very type of data they wish to protect.

Not surprisingly, the survey found that 85% of employees would react negatively if they found out that their personal information was part of an enterprise data breach. And still, the survey found, it’s these same employees that expose their work data to potential data breaches by violating security policy and engaging in bad password management.

This survey also found 26% of employees admitted to uploading sensitive information to cloud apps with the intent to share that data outside the company.

The survey that identified this not very shocking friction between convenience and the desire for security is the identity vendor SailPoint’s Market Pulse Survey.  SailPoint bills this as a global survey designed to measure employee attitudes toward protecting corporate digital assets. According to SailPoint, the independent research firm Vanson Bourne interviewed 1,000 office workers at organizations with at least 1,000 employees within the United States, the United Kingdom, Germany, France, the Netherlands and Australia.

Key findings from SailPoint’s 2016 Market Pulse Survey include:

  • Poor password hygiene continues to plague enterprises. The majority of respondents (65%) admitted to using a single password among applications, and one-third share passwords with their co-workers.
  • Employees don’t assume responsibility for protecting the integrity of corporate security processes.
    • One in five employees would sell their passwords to an outsider.
    •  Of those who would sell their passwords, 44% would do so for less than $1,000.
    • This is up from one in seven who would sell a password a year ago, according to the report.
  • Organizations are struggling to keep up. One in three employees admitted to purchasing a SaaS application without IT’s knowledge (a 55% increase from last year’s report)
  • Alarmingly, more than 40% of respondents reported having access to a variety of corporate accounts after leaving their last job.

“This year’s Market Pulse Survey shines a light on the significant disconnect between how employees view their personal information and that of their employer, which could also include personal information of customers,” Kevin Cunningham, president and founder of SailPoint said in a statement.

In my view, what this survey picked up on is the age old challenge security has in that it “gets in the way” — that is, good password hygiene takes time. And when a co-worker needs access to files, waiting for them to be able to set up a new account or change their password is time consuming. It’s just so much easier to share a password and get that user access immediately.

The same is true when it comes to the survey finding about one-third of respondents buying  cloud apps without informing IT  – it’s just faster and easier to do than going through IT to acquire such apps.

Better to ask forgiveness later than have to slow down their work right now, many workers calculate.


Has the time for cybersecurity insurance come?

5 common password sins the weaken security

6 ways your end users sabotage mobile security

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: