The bring-your-own-device (BYOD) and shadow IT phenomenon is starting to yield real risk, according to new research. Arlington Research found that 13% of American workers let their colleagues use a device that can access their employer’s network. Nine percent allow their partners to use such a device, and 1% even permit their children to do so.
On top of that, the survey found that mobile device security is lax. One in five employees do not have any security software on their work devices, beyond what ships with the operating system.
It’s an issue that isn’t helped by the fact that password-sharing is rampant, with 20% of employees sharing their work email password, and 12% sharing passwords to other work applications. Nearly half of all employees are unaware of any company policies around sharing of these passwords.
“Security breaches are a near-daily occurrence in the news,” said Alvaro Hoyos, CISO at OneLogin, which sponsored the report. “Given that it takes only one compromised account to lead to a breach, these lax security practices are troubling, especially when you consider that they could take place at your bank, at your children’s school, or in your local government. A breach at one location can lead to others, especially with bad password habits like password reuse.”
Fortunately, companies have a plethora of security solutions available to help manage these threats, including multifactor authentication (MFA), which prompts employees to authenticate using their phone when they log in to applications remotely; security policies that are not too onerous for employees and are commensurate with the risks and the importance of the asset being protected; and investment in employee awareness.
“Technical controls should be put in place to ensure only authorized workers are accessing data securely, and these should be reinforced with security awareness efforts as well,” Hoyos said. “For example, using single sign-on and identity management solutions to enforce role-based access and step-up authentication establishes a strong security foundation, and coupling that with periodic security awareness training or simple reminders strengthens that foundation.”