Study Suggests Employees Put Data Security at Risk

June 24th, 2016   /     /   security and compliance

You may have long suspected it but now OneLogin confirms it: employees are exposing employers to security risks.

According to research conducted by Arlington Research, on behalf of OneLogin, based on a survey of 1,022 respondents in the U.S. in May 2016, a company’s own employees may in fact be the greatest risk to data security. We put together this infographic to illustrate some key takeaways about data security.

As the infographic above suggests…

  • Employees are putting corporate networks at risk: 13 percent let their colleagues use a device that can access their employer’s network. Nine percent allow their partners to access such a device, and one percent even permit their children to use such a device.

  • Password-sharing is rampant, with 20 percent of employees sharing their work email password, and 12 percent sharing passwords to other work applications. Nearly half of all employees are unaware of any company policies around sharing of these passwords.

  • Mobile device security is lax. One in five employees do not have any security software on their work devices, beyond what ships with the operating system.

“Security breaches are a near-daily occurrence in the news. Given that it takes only one compromised account to lead to a breach, these lax security practices are troubling, especially when you consider that they could take place at your bank, at your children’s school, or in your local government,” said Alvaro Hoyos, Chief Information Security Officer at OneLogin.

“Technical controls should be put in place to ensure only authorized workers are accessing data securely and these should be reinforced with security awareness efforts as well. For example, using single sign-on and identity management solutions to enforce role based access and step up authentication establishes a strong security foundation, and coupling that with periodic security awareness training or simple reminders, strengthens that foundation.”

According to Hoyos, companies have a plethora of security solutions available to help manage these threats. Compiling a comprehensive list would be a daunting task, but Hoyos provides readers with a few practical ones that they can easily deploy including:

  • Multifactor Authentication (MFA), which prompts employees to authenticate using their phone when they log into applications remotely. This is especially useful for modern enterprises, since 55 percent of workers access work applications away from the office, according to Arlington Research.

  • Security policies, that are not too onerous for employees and are commensurate with the risks and the importance of the asset being protected. Meaning, sometimes deploying a drawbridge will get the job done better than a crocodile filled moat.

  • Awareness, awareness, awareness. All the moats in the world are not going to protect you from employees bringing their canoes to work that don’t know or understand the purpose of the moat. Not only should employees be made aware of company policies, they should also know how it can impact their personal lives as well. To be blunt, if employees understand they have “skin in the game” in both their personal and professional lives when it comes to security, they will take security awareness training more seriously and this will improve knowledge retention as well.

“OneLogin’s mission is to enhance the security of the modern enterprise, which is becoming increasingly borderless as employees embrace remote work,” said Al Sargent, Senior Director at OneLogin.

“The rampant use of mobile devices to access corporate applications means that companies cannot rely on perimeter security; they must secure at the point of authentication. Thankfully OneLogin makes it easy for IT teams to adjust to this new reality.”

About the Author

Dan Rampe is OneLogin’s Director of Global Communications and PR. He has 20+ years hands-on and strategic expertise in public relations, analyst relations, corporate communications, social media, and digital and content marketing in Fortune 500 and start-up environments. Dan takes delight as a company builder and creative storyteller with a focus on SaaS, security, Identity and Access Management (IAM), mobile, authentication, single sign-on (SSO), Identity-as-a-Service (IDaaS) and Internet of Things. When not at work you can often find Dan rock climbing in Yosemite, the Sierra Nevada and points beyond.

View all posts by Dan Rampe