Dive Brief:
- Although about 64% of employees use an employer-approved device for work-related tasks, only 40% use a personal device that's monitored, according to a new survey by B2B research firm, Clutch. Employees use their own devices to send and receive emails, share information and access company proprietary data and messages for their jobs.
- Employees performing everyday work tasks using unsecured devices can present the highest cybersecurity risks, said Randy Battat, CEO of PreVeil, an end-to-end encryption providing company. Most communication, along with organizations' intellectual information, can be found in everyday email use, he said.
- In some instances, employees take precautions beyond their employers' cybersecurity policies, the survey found. As an example, 60% of employees report cyber breaches, more than the 59% that undergo cybersecurity policy or compliance training. This seems to show that employees comprehend IT cyber threats and best practices, but without ongoing communication or training from their employers, they might not be able to recognize a cybersecurity problem when they face one, Clutch said.
Dive Insight:
Informal "bring your own device" (BYOD) policies are growing in popularity due to the ease and flexibility they allow. But personal use of these devices makes employers' systems more susceptible to cybersecurity breaches, especially if an employer doesn't provide any policy or guidance on the matter.
Workers might understand that precautions against cybersecurity attacks are necessary, but as much as 88% of employees lacked the awareness to prevent a cybersecurity breach, according to a MediaPro privacy and security report. Findings like this demonstrate the need for continuous training in cybersecurity protocol, including recognizing phishing, ransomware and signs of potential cyberattacks before they play out.
HR staffs are frequent targets of cybertheft because of the high volume of personal data they maintain on employees. A major theft technique involves fake emails disguised as legitimate messages from high-level executives in organizations requesting financial and other personal information — meaning training on how to detect such messages is key.
Since not all cyber breaches originate externally, employers must be vigil about employees' access to systems and data. In 95% of organizations, workers reportedly try to override their employers security mechanisms. Without checks on this kind of behavior, malicious activity and data theft could follow.