One in three enterprise employees guilty of sending work documents through personal email accounts
August 29, 2017 – Employees are exposing Australia’s largest organisations to security threats by saving work documents on unsecured devices or using personal email accounts, reveals new research from leading document productivity company Nitro.
The survey of 300 large* enterprise employees, from entry to senior management level, discovered a major disconnect between worker behaviour and IT policies while identifying the lack of software standardisation as a potential non-compliance driver.
Despite the majority of enterprise businesses mandating what software (88%) and devices (91%) employees can use, the study found employees continue to create security risks by using personal devices for work (52%), sending work-related documents through personal email accounts (38%), and saving their work communications or files on devices without password protection (10%).
Surprisingly, risky security practices don’t decline further up the organisational ladder. Research revealed that employees ranging from Manager to C-Suite admitted negligence on par with junior workers.
CIO blind spots leave systems open to ransom
Given the rising numbers of global ransomware outbreaks—including two attacks in two months that affected the Australian offices of Cadbury and DLA Piper—it has never been more important for CIOs and IT managers at large organisations to minimize all potential vulnerabilities.
Nitro APAC Director Adam Nowiski reports, “In a world where data breaches are increasingly commonplace, there remains a disconnect between the security policies at Australia’s largest enterprises and the real-world behaviours of employees. Security remains a top priority for CIOs and IT managers, but it requires a company-wide compliance culture to ensure procedures are followed.”
“Our study revealed software standardisation is too often an overlooked tool in the CIO’s kit bag for plugging potential data leaks and driving top-down culture change to an environment free of disparate solutions, inefficient processes, and risky employee workarounds.”
Security through digital standardisation
Research revealed that mismatched software products and versions cause compliance challenges among a significant portion of employees, including one in four (23%) who resort to using personal devices because they don’t have suitable pre-installed software and 27% who install unsanctioned software themselves.
In addition to creating potential security risks, the lack of standardisation within Australian enterprises is also causing productivity bottlenecks across the workforce. Since many employees are unequipped with the software they need to accomplish key tasks like opening, editing, signing, and securing documents, almost one-third (29%) of workers must send files to a limited number of “power users” who have access to the right tools.
“A ‘shadow IT’ environment of mismatched software and inconsistent product lifecycles makes it nearly impossible for IT managers to protect against security vulnerabilities,” Nowiski said.
“Standardised environments allow IT managers to focus on protecting and optimising organisations’ IT systems based on uniform versions of solutions. At Nitro we work closely with customers to achieve such environments, providing change management support and creating practical strategies that save time, money, and IT resources.”
Key Nitro research findings include:
- Password disconnects: Although 86% of enterprises enforce strong password procedures—such as password complexity, rotation or two-factor authentication—one in 10 workers admit to leaving work communications or files saved on devices without a password.
- Lack of printing precautions: One in 10 respondents print sensitive work documents without destroying them after use. Despite previous research that revealed one in four data breaches in organisations of 500 or more people involved paper records, Nitro’s study found just 6% of participants believe that printing sensitive documents without destroying them was the most likely data security threat to their organisation.
- Need for top-down compliance: A significant portion of managers, senior managers, and even C-Suite executives admit to working on personal devices (55%), sending work emails and files through personal email accounts (40%), and saving work communications or files on devices without password protection (10%).
Note to Editors
*Survey conducted via Pure Profile in June 2017 using an online survey method. Survey completed by 300 Australians working at organisations with 500 people or more.
Jordan Lambe firstname.lastname@example.org 03 9268 7800
Molly Bruce email@example.com