A combination of irresponsible user behavior and weaknesses in the protection of networks could create more risks for data breaches during the holiday period than at any other time.
Part of the issue is workaholism: A survey of “privileged users” conducted by BalaBit found that most respondents (70%) expect to use the holiday downtime to connect to the network or check in on emails, with more than a third (39%) logging on to access emails several times a day.
However, the issue is this: while the majority of respondents (72%) have used their own, a friend's or a public device to connect to the network during their holiday, 38% of users have not been asked for extra levels of authentication when connecting to the company network from a device that has not been registered.
"With the holiday season approaching, it can be a prime time to catch up on any unfinished tasks and many of us need to check emails when we're out of the office,” said Zoltán Györko, CEO of BalaBit, in a statement. “However, this survey highlights some worrying lapses in the protection of personal information during the holidays.”
The survey also reveals that some executives sidestep basic security measures during their time off. One in seven respondents (14%) have shared personal access details — their user name or password — with a colleague. Going against best practice on password protection, the same number of respondents have shared their password on the phone so that a colleague could complete an urgent task on their behalf.
Around a third of all respondents surveyed (35%) also admitted that they have not changed their password immediately after they have given it to someone else. Personal relations appear to play a role in this with a fifth of respondents admitting they had done this, as they trusted that person.
“While we're relaxing at home, we can sometimes use the easiest route to complete a task, which means that security is compromised,” Györko said. “Of course, we need to allow executives to do their job even if they're not in the office, but organizations need to support them to do this in a secure way that protects the integrity of sensitive company data.”