One in 10 UK Staff Circumvent Corporate Security

A tenth of UK workers actively tries to bypass their organization’s security measures, according to a new study from Cisco.

The networking technology giant polled over 1000 UK professionals who work for organizations that allow flexible working to better understand the potential security risks of the emerging hybrid workplace.

It revealed that hybrid workers don’t feel like cybersecurity is their responsibility: many try to find workarounds or engage in risky behaviors like password reuse.

One in five employees (19%) said they use the same password for multiple accounts and applications, while only 15% use a secure password manager for apps and online services. That puts individuals at risk of phishing attempts and brute force attacks like credential stuffing.

Part of the problem appears to be user friction in existing security measures. Less than half (44%) of those polled said they find it easy to securely access their IT equipment within minutes.

A majority said they’d be willing to use facial recognition technology (55%) or fingerprint scanners (69%) to access the network, reflecting how enterprise security is still playing catch-up with consumer functionality in some areas.

Poor security awareness could be another factor leading to reckless behavior and workarounds. Only a tenth of UK organizations offered security training for all employees, according to a government report.

Just a third (35%) of employees said they’re aware of single sign-on solutions, and only half (49%) use multi-factor authentication to access their company’s network – both of which could streamline security.

As it is, UK workers complain they spend on average 12 minutes a day on security measures. Although this is less than the global average of 14 minutes, it amounts to an estimated 49 hours each year and highlights a usability problem with current systems.

“With hybrid work here to stay, employees are increasingly operating from uncontrolled environments, using public and private networks and multiple devices. When individuals don’t know how to protect themselves and their company network against an attack, an entire business could come under siege,” warned Cisco managing director of cybersecurity in EMEAR, Lothar Renner.

“In a new and complicated threat landscape, businesses need to focus on both educating employees to keep their communications safer and more secure and choosing integrated security technologies to maximize threat protection.”

What’s Hot on Infosecurity Magazine?