Security Snippets: Survey indicates that a large share of employees circumvent company cyber policies

It may come as little surprise that employees try to find ways to make their day-to-day work more efficient. It may be surprising, however, to learn that an overwhelmingly large number of employees could be seeking to achieve this by finding workarounds to their company’s cybersecurity policies. A new research survey conducted by identity security firm CyberArk gathered responses from over 14,000 employees across six countries, and the responses lay bare how substantial security risks are likely to arise from ordinary employee conduct. 

Common workplace habits may run afoul of company cybersecurity policies.

Perhaps most notably, a whopping 65% of survey participants disclosed circumventing their employer’s cybersecurity practices in some form or another, usually to augment their productivity. This is done through a variety of simple habits, which, in the absence of sufficient training or controls, can easily go un-checked. Prevalent examples include forwarding corporate emails to personal accounts, connecting to the internet by using personal Wi-Fi hotspots, or relying on the same password for numerous work (and personal) applications. Further, 40% of employee responses signalled that they frequently download customer data, 36% indicated that they are slow to download security patches and software updates, and 52% admitted to having disclosed confidential work information to outsiders. 

In addition to these common issues, circumventing workplace AI guidelines is also quite common. A large share of respondents admitted to having, at some point, failed to follow company rules regarding the input of sensitive/confidential information into their work AI systems. 38% responded that they either “only sometimes” or “never” follow their company’s AI guidelines. Many employees also noted that their employer did not even have a policy about AI or the use of sensitive information to begin with.

The security risks implicated by these statistics are compounded by the ubiquitous reliance of collaboration tools and personal devices (80% of the survey participants reported using work apps/services on their devices) as well as the increasing use of AI products (72% of survey participants reported that they make use of AI products at their jobs). 

How can companies address workplace cybersecurity workarounds?

The frequency with which employees casually run afoul of cybersecurity policies, and the rising volume of AI use at the workplace, each raise substantial security concerns that threat actors may exploit. Companies may want to evaluate how their current cybersecurity policy is communicated to employees and instilled in the work culture and put mechanisms in place to mitigate mundane employee conduct that violates established protocols. Additionally, it may be helpful to assess whether current programs sufficiently address the unique security threats raised by AI, especially when it comes to employee use of AI tools. While employees may be eager to make use of new technologies and tricks that improve their performance and deliver strong results, this enthusiasm must also be tempered by an awareness of the associated risks.

Authored by Nathan Salminen and Ryan Campbell.