UK Employees run riot on unrestricted internet access policies
January 2018 by OneLogin
A study by OneLogin, the identity management provider bringing speed and integrity to the modern enterprise, has revealed that 41% of UK businesses see a high percentage of employees watching adult content at work. A further 45% also see a high percentage of employees using gaming and gambling websites, and 35% have noticed high use of video sharing sites among employees, leaving networks open to phishing scams and viruses downloaded via the use of inappropriate content.
The study, which surveyed more than 600 UK-based IT decision-makers with influence over their business’s IT security, highlighted a disparity between internet access and security policies. For example, nearly a third (29%) of businesses neglect to monitor their employees’ use of high-risk websites on the corporate network, providing employees with unrestricted internet access and potentially impacting the security of sensitive business data.
When it comes to the preventative measures used to monitor external threat vectors, over a third (36%) don’t invest in security education for their employees and fewer than two-thirds (62%) conduct phishing assessments. In addition, three quarters (75%) don’t use cloud access security brokers and two-thirds (69%) don’t use single sign-on services. Organisations appear to be taking the risky approach of simply relying on employees to use their common sense when it comes to cybersecurity, leaving valuable corporate data easily accessible to cybercriminals looking for the easiest way into the corporate network.
These security shortcomings can lead to significant costs: the average cost for a UK company to remediate a data breach is £2.5 million, according to IBM Security’s 2017 Cost of Data Breach study. These costs include the unexpected loss of customer business, product discounts, forensic and investigative activities, and legal expenditures. And once GDPR comes into effect in May 2018, penalties related to data breaches will start at €10 million and can go up to as much as €20 million or 4% of a business’s annual turnover, whichever is higher.
“With an influx of employees now choosing to work remotely from personal devices, many remain unaware of security threats and often access the internet forgetting they’re still connected to the corporate network. Therefore, organisations simply cannot afford to rely on employees to know the impact of their personal habits on corporate cyber security, meaning proactive steps must be taken. Emphasis must be placed on IT and security training for employees to understand the need to avoid high-risk websites to preserve corporate integrity,” said Alvaro Hoyos, chief information security officer at OneLogin.
605 interviews were conducted in the UK using an online methodology amongst a nationally representative sample of experienced non-managers and above who work in their company’s IT department who are decision makers for hardware, software and cloud-based services, who have some responsibility for IT security, whose company does creation and deletion of employee logins in-house, and either manages logins or is responsible for their creation. All respondents were aged 18 and over. Quotas were applied to gender, the age of respondent and the region in which they reside to ensure that the sample is nationally representative.