Aussie workers not following security policies
Australian employees are creating a security nightmare for CIOs by not complying with IT and security policies, research from document productivity company Nitro indicates.
While the wide majority of enterprises mandate what software (88%) and devices (91%) employees can use, more than half of employees (52%) are continuing to create security risks by using personal devices for work.
One in four employees (23%) report resorting to using their personal devices because of a lack of suitable pre-installed software on company-issued devices, and 27% of employees report installing unsanctioned software themselves as a result of this shortage.
In addition, 38% admit to sending work-related documents through personal email accounts and 10% are saving their work communications or files on non-password protected devices.
Almost a third of employees (29%) admit to sending files to colleagues because they don’t have the required software to complete tasks like opening, editing, signing or securing documents.
Lax security practices are common across organisations, with managers and C-suite level employees admitting negligence on par with junior workers.
“A ‘shadow IT’ environment of mismatched software and inconsistent product life cycles makes it nearly impossible for IT managers to protect against security vulnerabilities,” Nitro APAC Director Adam Mowiski said.
“In a world where data breaches are increasingly commonplace, there remains a disconnect between the security policies at Australia’s largest enterprises and the real-world behaviours of employees. Security remains a top priority for CIOs and IT managers, but it requires a company-wide compliance culture to ensure procedures are followed.”
With the rise of ransomware as a prominent security threat, Nitro’s research also found that employee mistakes such as opening phishing emails are considered the most likely security threat (40%), significantly ahead of external attacks from hackers or fraudsters (24%).
Emergency onboarding: what to do before and after a data breach
Organisations that have an emergency onboarding plan are better positioned to have their business...
Savvy directors are demanding more points of proof when cyber incidents occur
Pre-agreement on what a post-incident forensics effort should produce — and testing it out...
Cyber-attack prevention is better than a cure
Corporate and political decision-makers need to invest in areas that do a better job of...
