UK employees display contrasting attitudes towards security in the workplace compared to when they are at home, according to new research by Citrix.
The survey of 2,000 full-time working Brits found that almost half of those polled regularly use passwords to protect home documents, whereas only one in three (35%) do so at work. What’s more, almost 70% of workers said they shred and dispose of unwanted personal documents at home, whilst as little as two in five do the same at work.
These findings suggest that employees, whilst seemingly mindful of taking steps to safeguard their own data, are less inclined to demonstrate good security at work as they expect their organization’s IT safety infrastructure to automatically protect company data.
Dr Jessica Barker, consultant with expertise in the ‘human side’ of cybersecurity, told Infosecurity that Citrix’s discoveries are not all that surprising.
“A lot of people tend to assume that IT security at work is the responsibility of the IT or information security department alone,” she said.
“However, it's great that a lot of people are taking care of their data at home, and businesses can use this personal awareness to build a stronger organizational cybersecurity culture.”
Dr Barker added that companies need to make their staff more aware of the value of corporate data and that protecting it is just as much their individual responsibility as it is of the organization as a whole.
“It's important that this is led by example, with those at the top demonstrating their commitment to information security via good behaviors and financial investment. Having ambassadors for cybersecurity throughout the organization, like health and safety representatives, can also help build and embed a healthy cybersecurity culture,” she argued.
Perhaps most interestingly, the survey also found differing security attitudes between older and younger workers. Almost 60% of those in the over 55 age group claimed they only use work devices with trustworthy company security software, whereas the figure was less than half (47%) for 25-34 year olds (often referred to as ‘millennials’).
It’s no secret that the younger generation is both exposed to and use various connected apps and devices that not only share a great deal of personal/sensitive data but are also capable of accessing a company’s network. As Citrix’s research shows, this appears to have had the knock-on effect of creating a far more relaxed outlook on security among this age group, something that has the potential to cause significant disruption to businesses.
This was an issue discussed recently by Harold Moss, VP Security Strategy at Akamai, at the CSIT World Cyber Security Technology Research Summit 2016 in Belfast.
Moss commented on the fact that, in his opinion, because the younger generation (millennials) is so accustomed to bringing its own devices into the workplace, accessing cloud-based apps and using social media (all of which carry their own security issues) it poses a noteworthy privacy threat to companies.
“Millennials are going to be the future, so in 2025 it is expected that half of workforces will be made up of millennials,” he said.
“When you look at millennials, they are very attached to their technology.”
“The reality is, they don’t think about security. They think ‘this [security] should just be embedded in everything I do’ so we have to think differently about how we approach those things,” he added.
Chris Mayers, chief security architect at Citrix, said this age-related disparity is an issue that employers need to tackle by educating employees across all age groups about their security obligations to “ensure they don't become part of yet another high profile data breach."