According to the results of a recent survey of more than 2,000 office workers in the U.S. and U.K., fully 93 percent of respondents engage in unsafe online behavior that could jeopardize their employer's or their customers' data, and 97 percent of respondents have access to sensitive or confidential company information.
The survey, conducted by Precision Sample and commissioned by Intermedia, also found that IT professionals are actually more likely to engage in risky behavior than the average employee -- 32 percent of IT pros have given their login credentials to other employees, compared to 19 percent of all respondents.
Richard Walters, vice president of identity and access management at Intermedia, said in a statement that IT personnel have the benefit of knowing how to get around security controls. "It's sometimes done with the best intent, but nevertheless with a complete lack of consideration for the risk or security implications," he said.
Similarly, 28 percent of IT professionals admitted having accessed systems belonging to their previous employers after they left a job, compared to just 13 percent of all respondents. And 31 percent of IT professionals said they would take data from their company if it would benefit them personally, almost three time the rate for all respondents.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
The survey also found that among age groups, millenials are the most likely to install apps without company approval, save company files to personal cloud storage, and engage in other risky behavior.
Surprisingly, the survey also found that long-term employees (seven years or longer) tend to introduce greater security risks overall -- 23 percent of long-term employees have shared login credentials with coworkers, compared to 9 percent of new employees. And 23 percent of long-term employees have deployed free or paid Web apps without consulting IT, compared to 13 percent of new employees.
"Security policies are most effective when employees don’t even have to think about them," Intermedia CTO Jonathan Levine said in a statement. "That’s why it's so important to provide tools that make it easier to follow the rules, like single sign-on portals or enterprise-class file sharing."
"The simpler it is for employees to be productive using company sanctioned tools, the more likely you are to deter the kinds of practices that put the company at risk," Levine added.
A recent eSecurity Planet article examined the importance of offering security training to employees.