Computerworld.com posted an article today revealing that some of the largest security threats to companies are caused by workers, according to a recent survey conducted by Aruba Networks.
The security firm, currently being acquired by Hewlett-Packard and based in California, questioned approximately 11,500 employees in 23 countries. The firm found that many of the security threats were tied to male workers under the age of 35 who earned more than $60,000 annually.
Here is a summary of the findings:
- 60% of employees under age 35 were willing to share their work and personal smartphones and other mobile devices with other people
- About 20% of those employees didn’t have passwords set on the devices, claiming they intentionally didn’t set them so they could share the devices more easily
- 56% said they were willing to disobey their boss to do work on the device
- 87% assumed their IT shops would keep them protected
- 31% admitted they had lost data due to misusing the device
Several more findings suggested that younger workers were more likely to misuse devices, and therefore to cause security threats.
The PCNS Take
The topic of IT security is at the forefront of nearly every company President and CEO’s mind. You can’t visit a media website these days without coming across an article that talks about it. Yet many employees and business owners still don’t understand the link between employee error (intentional or unintentional) and security risk. Or they do, but they don’t know how to address it.
As a managed services provider (MSP) that currently serves nearly 150 clients across a variety of industries, rest assured we invest a lot of time in thinking about security, and for good reason: in this study, 87% of respondents said they assumed their IT shops (for our clients, that's us!) would keep them protected. Is that a realistic expectation? The answer is yes... and no.
Whether provided by an internal IT department or an outside provider like PCNS, every organization should have a thoughtful, multi-layered approach to security. In that scenario, the weakest link often becomes – as this article points out – the users themselves. There are components a thoughtful security program can include to protect the organization from careless users. These include web filtering, strong password policies, two-factor authentication, and other measures. But when push comes to shove, there is NO way to protect an organization from a user who unwittingly clicks on the wrong thing. That is why we stress the importance of Internet Security Awareness Training with all of our clients.
If there is one key take-away from this article, it is that companies must acknowledge the critical role employees play in keeping the IT environment secure (or not). In that landscape, End User Internet Security Awareness Training must be a priority. After all, it doesn't matter how many filters or layers of protection you put in place to defend against the bad guys if your troops remove their armor as they charge into battle.
If you have any questions about policies, training, or securing your network the right way, we’re here to help (412.928.8670 or firstname.lastname@example.org).