People can be a business’s greatest asset, but they can also be its biggest cyber security liability. Cyber criminals are drawn to the path of least resistance and, when compared to today’s highly advanced security solutions, that’s often what users represent.
Using data collected in Dell Technologies’ End User Security Survey, our team has compiled a list of eight all too common cyber security worst practices.
Accessing confidential data over public Wi-Fi. The risks of connecting to unsecured public Wi-Fi are plentiful and yet the message hasn’t connected with users. Despite the ease with which attackers can use these services to execute man-in-the-middle attacks, users continue to lean on public Wi-Fi. In fact, in Dell’s survey, 46% of respondents admitted to not just using public Wi-Fi, but using it to access company data.
Conducting work via personal email. IT teams can restrict the flow of information into and out of their company over corporate email. Personal email, however, is a different story. Yet, very nearly half (49%) of those surveyed said they conduct business using their personal accounts. This effectively shuts out those in IT tasked with keeping users and company data secure.
Emailing confidential data to those outside the company. Employees’ bad email behavior goes beyond blurring the lines between personal accounts and business workloads. Just under half (45%) acknowledged emailing sensitive files outside the organization. Even though controls exist for managing how data is handled, the risk of misuse remains high.
Taking information with them when they go. Far too often, when an employee leaves a company, he or she doesn’t do so empty-handed. Instead, 35% say it is routine to take data with them when they leave. While the exact nature of the data exiting end users are helping themselves to wasn’t specified, employers would likely prefer it to stay in-house.
Putting their faith (and company data) in over-the-counter cloud. For some users, Shadow IT has become a way of life. More than half (56%) said they use publicly available tools including Dropbox and Google Drive for storage and collaboration. It’s unknown whether or not they are aware of the dangers of this approach.
Seeing security as “somebody else’s problem.” First the good news: According to Dell’s research, 65% of employees see security as their duty. They believe it is up to them to educate themselves on threats and behave responsibly. What enters this into the domain of cyber security worst practices is the fact that 35% still see themselves as removed from their company’s security challenges.
Suffering from security overconfidence. Confidence is good, but too much can be hazardous. Dell’s study found just 22% of employees are worried that, someday, they might cause a cyber-attack or some other security disaster. In truth, any employee, regardless of position or age, could become a victim.
Failing to take training to heart. The majority of those Dell surveyed (63%) are required by their employers to attend cyber security readiness training. However, some are struggling to apply those lessons. Just under one-in-five (18%) engaged in unsafe behaviors post-training without realizing what they were doing was wrong. Furthermore, 24% knew their actions were unsafe, but carried on anyway.