Many Employees Are Ahead Of Their Firms In Security

Most employees use a company-approved device at work, especially to access email. But less than half are regulated, and some may not need to be, judging by a study from the B2B research firm Clutch. 

Alert employees spot threats even without training, the study found. For example, 60% report security incidents. Yet only 59% have had training, Clutch reports.

In addition, 76% protect their passwords, while only 67% receive reminders from their companies to do so.

“Often, formal cybersecurity policies that are at the board and/or C-level may not necessarily be propagated to every single employee,” states Randy Battat, CEO of PreVeil.

In general, 52% of employees receive cybersecurity policy training once per year. But less than half are required to acknowledge their firm’s security policy.

How do they protect their passwords? For 82% of those who do, the main practice is regular password updates. And 62% use different passwords for each account. In contrast, 41% employ multi-factor authentication. And 20% use password manager software. Experts say these practices may not be enough.

advertisement

advertisement

“You do wonder sometimes when you see people write down their passwords on their desk and leave it there if they are grasping its importance,” states Steve Scott-Douglas, CIO of Ciklum, a software engineering provider. 

In addition, observers see risks in the ways employees use company devices:

  • Email — 86% 
  • Calendar — 71%
  • Shared documents — 67% 
  • Proprietary company apps — 48%
  • Company messaging — 46%

Battat warns that "the majority of communications and an organization's intellectual capital can be found in the 'ordinary' email."

Meanwhile, companies are lagging in regulating employee use of devices. They utilize:Password update reminders — 67% 

        • Internet restrictions — 55%
        • User permission prompts — 53%
        • Security software update reminders — 48%
        • Formal acknowledge of policy — 47%
        • Personal device regulations — 40%

Employees are ahead of them. They take advantage of:

      • Password protection — 76%
      • Using company internet networks — 68%
      • Using company-approved personal device — 64%
      • Reporting security incidents — 60%
      • Completing security/policy training — 59%
      • Installing security software — 44%

     

     

    Next story loading loading..