Bad office habits increase the chance of a data breach
A new study of over 1000 US office workers finds that 99 percent of those surveyed admit to conducting at least one potentially dangerous security action, from sharing and storing login credentials to sending work documents to personal email accounts.
The survey by cloud business solutions provider Intermedia finds that 24 percent of office workers reuse the same login credentials for their work and personal accounts.
Nearly all 96 percent automatically save work passwords on their work computer, instead of routinely entering login credentials. More than half (57 percent) of office workers admit to storing work files on their desktop or in desktop folders.
In addition 34 percent say they store work data on personal file sync and share services, a significant increase from the 12 percent who reported doing this in 2015. This puts valuable data outside of the organization's security practices and, thus, the company’s control.
"While widespread ransomware attacks, hardware failure, and natural disasters are all serious threats to an organization, the biggest security threat comes from the inside," says Jonathan Levine, CTO at Intermedia. "When employees do not properly back up files, choose to use the same password across multiple accounts, or send confidential materials to their personal accounts, their companies are left exposed and vulnerable not only to data loss, but to serious financial and legal implications as well."
There's also a worrying trend towards unauthorized access. One-third (34 percent) of office workers report accessing work materials after leaving a company, compared to 12 percent in 2015. Plus 49 percent of workers in IT departments admit to accessing work materials after leaving a company, compared to 28 percent in 2015.
On average, 64 percent of office staff send a work document to their personal email at least weekly, exposing confidential data to even more threats. And they aren’t just sharing emails or memos. Materials sent include HR-related information (22percent), customer information (19percent), and strategic company information (18percent).
"Employees want to do the right thing, but sometimes don't know how, or the tools they are given to do so are often hard or cumbersome to use," Levine continues. "As our latest study shows, organizations need to recognize that getting employees to change their behavior won't happen overnight. Instead, companies need to offer solutions that protect confidential information with minimal impact on an employee’s daily workflow, such as automated backup and 2-factor password requirements. The most effective security measures are often ones that employees don’t even know are in place."
You can read more about the findings in the full report on the Intermedia website.