Arraya Insights | June 5, 2018
People can be a business’s greatest asset, but they can also be its biggest cyber security liability. Cyber criminals are drawn to the path of least resistance and, when compared to today’s highly advanced security solutions, that’s often what users represent. Unfortunately, users have done little to diminish that reputation. Instead, many have developed bad habits that have only served to make them even more appealing targets.
Using data collected in Dell Technologies’ End User Security Survey, our team has compiled a list of nine all too common cyber security worst practices.
- Accessing confidential data over public Wi-Fi. The risks of connecting to unsecured public Wi-Fi are plentiful and yet the message hasn’t connected with users. Despite the ease with which attackers can use these services to execute man-in-the-middle attacks, users continue to lean on public Wi-Fi. In fact, in Dell’s survey, 46% of respondents admitted to not just using public Wi-Fi, but using it to access company data.
- Conducting work via personal email. IT teams can restrict the flow of information into and out of their company over corporate email. Personal email, however, is a different story. Yet, very nearly half (49%) of those surveyed said they conduct business using their personal accounts. This effectively shuts out those in IT tasked with keeping users and company data secure.
- Emailing confidential data to those outside the company. Employees’ bad email behavior goes beyond blurring the lines between personal accounts and business workloads. Just under half (45%) acknowledged emailing sensitive files outside the organization. Even though controls exist for managing how data is handled, the risk of misuse remains high.
- Taking information with them when they go. Far too often, when an employee leaves a company, he or she doesn’t do so empty-handed. Instead, 35% say it is routine to take data with them when they leave. While the exact nature of the data exiting end users are helping themselves to wasn’t specified, employers would likely prefer it to stay in-house.
- Putting their faith (and company data) in over-the-counter cloud. For some users, Shadow IT has become a way of life. More than half (56%) said they use publicly available tools including Dropbox and Google Drive for storage and collaboration. It’s unknown whether or not they are aware of the dangers of this approach.
- Seeing security as “somebody else’s problem.” First the good news: According to Dell’s research, 65% of employees see security as their duty. They believe it is up to them to educate themselves on threats and behave responsibly. What enters this into the domain of cyber security worst practices is the fact that 35% still see themselves as removed from their company’s security challenges.
- Suffering from security overconfidence. Confidence is good, but too much can be hazardous. Dell’s study found just 22% of employees are worried that, someday, they might cause a cyber-attack or some other security disaster. In truth, any employee, regardless of position or age, could become a victim.
- Failing to take training to heart. The majority of those Dell surveyed (63%) are required by their employers to attend cyber security readiness training. However, some are struggling to apply those lessons. Just under one-in-five (18%) engaged in unsafe behaviors post-training without realizing what they were doing was wrong. Furthermore, 24% knew their actions were unsafe, but carried on anyway.
- Putting gut feelings ahead of policy. Far too often, employees are choosing to go with their guts instead of sticking to policies. Some 23% of those surveyed said they would share company data if the risk was low but the benefit was high. Others said they would share confidential data if they believed it would help them (22%) or the recipient (13%) do their job better.
Next Steps: Turning around cyber security worst practices
You can patch your systems, but you can’t patch your users. All you can do is give them the tools and support they need to navigate today’s cyber security climate. Want to learn how? Join us on June 7th for our annual Arraya Solutions Tech Summit. Now in its fourth year, the Tech Summit is a full day of deep dives into the technologies and trends shaping IT. We’ll cover disciplines such as data center, cyber security, cloud, and more. Members of our technical team present each session, guaranteeing a day “by techs, for techs.” This year, we’ve included a session titled “You Can’t Patch People – Protecting Users from Themselves.” During this session, attendees will learn how to better prepare their end users for today’s attack vectors.
Our Tech Summit is free, but registration is required. Visit: https://events.arrayasolutions.com/ to secure your spot today! Also, you can stay in the know about our latest Tech Summit news, industry insights, and future learning opportunities by following us on social media: LinkedIn, Twitter, and Facebook.