IT Leaders Overestimate Staff's Commitment to WFH Security

IT leaders who trust their employees to follow security best practices while working from home are sadly overoptimistic.  

According to new research published today by email security firm Tessian, while 91% of IT leaders believe their staff are doing their best to work securely from home, 52% of employees believe toiling from home means they can get away with riskier behavior.

Tessian surveyed 2,000 employees across the US and the UK as well as 250 IT decision-makers to examine the state of data loss within organizations. Researchers also set out to learn how data loss is impacted by employees working remotely. 

The survey revealed that 48% of employees cite “not being watched by IT” as the number one reason for not following safe data practices when working from home. The second excuse given for working on the wild side was "being distracted."

While such results might lead one to conclude that tighter controls are needed to maintain security, Tim Sadler, CEO and co-founder of Tessian, said that this tactic would not work on its own.

"Business leaders need to address security cultures and adopt advanced solutions to prevent employees from making the costly mistakes that result in data breaches and non-compliance," said Sadler.

"It’s critical these solutions do not impede employees’ productivity though. We’ve shown that people will find workarounds if security gets in the way of them doing their jobs, so data loss prevention needs to be flexible if it’s going to be effective.” 

Researchers found that IT leaders in the US underestimate how many of their employees' emails are misdirected. While IT leaders in US organizations with over 1,000 employees estimate that 480 emails are sent to the wrong person every year, the real figure recorded by Tessian platform data is 1.6 times higher.

More than half of survey respondents―51%―said security policies were impeding their productivity, while 54% said that they will find workarounds if security policies stop them from doing their jobs. 

Compared to the UK, workers in the US were much more likely to act in way that could jeopardize the security of their company. Employees in the US were twice as likely to send an email to the wrong person and twice as likely to take company documents home with them when they leave a job.

What’s Hot on Infosecurity Magazine?