Differing attitudes toward security create remote working risks
We’ve examined in recent weeks the risks that come from widespread remote working. Now, thanks to a study from Tessian, new insights are coming to light. Most notably, a disconnect persists between IT staff and an organization’s employees regarding best security behaviors. Surveying 2,000 professionals in the US and UK, Tessian found that only about half of remote workers these days are sufficiently security conscious—contrasted with 91% of IT trusting them to be. Breaking down the distribution, this is weighted especially towards employees in the US, where people are about twice as likely as in the UK to either send emails to the wrong person or data to their personal accounts.
Age also seems to be a factor, with younger people (18-30 year olds) are more likely than employees over age 51 to make these email faux pas at 69% to 21%. It’s kind of funny, stereotypically you’d expect the younger generation to make fewer tech blunders. Well, it is true that millennials and younger aren’t all about email, I suppose. Ultimately, this kind of human error is a predominant cause of security incidents, a fact that has remained unchanged for as long as cybersecurity has been a thing.
Unfortunately, other statistics portray a degree of cavalier attitude. While over half (58%) of workers may concur their data is less secure while working away from the office, around the same percentage admit to riskier behavior and a willingness to work around security policies if they feel it will facilitate their work functions. This mindset sadly does little to mitigate the preexisting challenges human behavior presents to an organization’s security.
Meanwhile, as businesses strive to instill new infosec cultures aligned with the new reality of working, they must continue to ensure ethical collection and handling of the data in question. As always, informing customers exactly how their data is to be used, and obtaining their explicit consent to do so, is a critical step. Opt-outs are key, as is transparency. Doubly so in the event of a breach, when customers are wondering what will be done to protect their data after it’s already been exposed. Failure to do so won’t just mean potential lost business. Running afoul of privacy regulations like GDPR and its copycats, depending on where business is done, is another concern.
Clearly, responsibility falls on both sides, a company’s employees and its management, to ensure strong data security practices are understood and followed. Bridging any disconnect is the only way to reduce human error’s role in a data breach.