Employees use personal devices for work without much oversight
- Although about 64% of employees use an employer-approved device for work-related tasks, only 40% use a personal device that's monitored, according to a new survey by B2B research firm, Clutch. Employees use their own devices to send and receive emails, share information and access company proprietary data and messages for their jobs.
- Employees performing everyday work tasks using unsecured devices can present the highest cybersecurity risks, said Randy Battat, CEO of PreVeil, an end-to-end encryption providing company. He said most communication, along with organizations' intellectual information, can be found in everyday email use.
- In some instances, employees take precautions beyond their employers' cybersecurity policies, the survey found. As an example, more employees (60%) report cyber breaches than undergo cybersecurity policy or compliance training (59%). This seems to show that employees comprehend IT cyber threats and best practices, but without ongoing communication or training from their employers, they might not be able to recognize a cybersecurity problem when they face one, Clutch said.
Informal "bring your own device" or BYOD policies are growing in popularity due to the ease and flexibility such policies allow. But personal use of these devices makes employers' systems more susceptible to cybersecurity breaches, especially if an employer doesn't provide any policy or guidance on the matter.
Workers might understand that precautions against cybersecurity attacks are necessary, but as much as 88% of employees lacked the awareness to prevent a cybersecurity breach, the "State of Privacy and Security Awareness Report" shows. Findings like this demonstrate the need for continuous training in cybersecurity protocol, including recognizing phishing, ransomware and signs of potential cyber attacks before they play out.
HR staffs are frequent targets of cybertheft because of the high volume of personal data they maintain on employees. A major theft technique involves fake emails disguised as legitimate messages from high-level executives in organizations requesting financial and other personal information — meaning training on how to detect such messages is key.
Since not all cyber breaches originate externally, employers must be vigil about employees' access to systems and data. In 95% of organizations, workers reportedly try to override their employers security mechanisms. Without checks on this kind of behavior, malicious activity and data theft could follow.