Most employees use a company-approved device at work, especially to access email. But less than half are regulated, and some may not need to be, judging by a study from the B2B research firm Clutch.
Alert employees spot threats even without training, the study found. For example, 60% report security incidents. Yet only 59% have had training, Clutch reports.
In addition, 76% protect their passwords, while only 67% receive reminders from their companies to do so.
“Often, formal cybersecurity policies that are at the board and/or C-level may not necessarily be propagated to every single employee,” states Randy Battat, CEO of PreVeil.
In general, 52% of employees receive cybersecurity policy training once per year. But less than half are required to acknowledge their firm’s security policy.
How do they protect their passwords? For 82% of those who do, the main practice is regular password updates. And 62% use different passwords for each account. In contrast, 41% employ multi-factor authentication. And 20% use password manager software. Experts say these practices may not be enough.
“You do wonder sometimes when you see people write down their passwords on their desk and leave it there if they are grasping its importance,” states Steve Scott-Douglas, CIO of Ciklum, a software engineering provider.
In addition, observers see risks in the ways employees use company devices:
Battat warns that "the majority of communications and an organization's intellectual capital can be found in the 'ordinary' email."
Meanwhile, companies are lagging in regulating employee use of devices. They utilize:
Password update reminders — 67%
Employees are ahead of them. They take advantage of: