While 93% of office workers admit to insecure IT practices, we can’t blame ignorance: It turns out that tech-savvy users are actually the worst offenders.
According to Intermedia’s 2015 Insider Risk Report, which catalogued the online security habits of more than 2,000 employees in the US and UK, most office workers engage in some form of unsafe online behavior that could jeopardize their employer or their customers. But the very people who have the greatest access to company data and are tasked with keeping the company secure—IT personnel—are much more likely to engage in risky behaviors than the average employee.
“It’s nearly always that technical people are the worst offenders,” said Richard Walters, vice president of identity and access management at Intermedia. “They know how to get around various controls that an IT team will put in place. It’s sometimes done with the best intent, but nevertheless with a complete lack of consideration for the risk or security implications.”
A third (32%) of IT professionals have given out their login or password credentials to other employees (compared to 19% across all respondents), while 28% of IT pros said they accessed systems belonging to previous employers after they left the job (compared to only 13% among all respondents).
“I’m particularly worried about ex-employee access,” said Felix Yanko, president of ServNet, in the report. “What kind of access do employees walk away with when they leave? If they go to a competitor, what kind of damage can they do? People usually delete stuff when they leave, which is bad enough—but it’s really bad when they can come back a few months later and wreak havoc. Especially if it’s IT people with that access. That bothers me the most.”
Worse, almost a third (31%) of IT pros said they would take data from their company if it would positively benefit them—nearly three times the rate of general business professionals.
These kinds of practices create risks that include lost data, regulatory compliance failures, data breaches, e-discovery complications, ex-employee access, and even out-and-out sabotage by a disgruntled current or former employee.
Intermedia’s report also breaks down security habits by age group, company size and job tenure. It turns out that Millennials are most likely to breach the personal and professional computing divide. Common activities include installing apps without company approval, saving company files to personal cloud storage, or engaging in other risky shadow IT practices.
By employment duration, long-term employees (7+ years) tend to introduce greater overall security risks.
“Security policies are most effective when employees don’t even have to think about them,” said Jonathan Levine, CTO at Intermedia. “That’s why it’s so important to provide tools that make it easier to follow the rules, like single sign-on portals or enterprise-class file sharing. The simpler it is for employees to be productive using company sanctioned tools, the more likely you are to deter the kinds of practices that put the company at risk.”