15 January 2013
New research reveals major cyber security flaws in working practices
Misuse of corporate data, password protocols, and mobile app downloads all contributing to corporate cyber security risks
1 out of every 5 workers surveyed online (18%) do not have passwords or pins on all of their work devices (including laptops, desktop PCs, tablets and smartphones). Furthermore, of those that said they did use passwords or pins, 21% said they had written them down so they didn't forget them and 23% had also shared their password with another person (such as a family member or friend, another colleague or their manager).
This is according to an online survey of 1,197 British workers, commissioned by technical training company QA and run by YouGov. The survey highlights the need to educate staff and raise awareness of cyber security risks.
In light of recent government announcements concerning cyber security policy and funding, the QA survey looked to 'take the pulse' of the existing security practices of online workers to determine the risks which UK businesses face.
Key Findings: Failure to follow basic security protocols
Bill Walker, Technical Director at QA, explains that when it comes to online security, we are our own worst enemies. "Despite having secure password protocol drilled into us - it must be over 10 characters, have upper case and lower case letters, contain numbers or special characters and be the most secure line of code possible - 21% of respondents said they had written it down and 23% said they had shared it with another person (such as a family member or friend, another colleague or their manager). This could provide an easy opportunity for anyone looking to gain access to the corporate network. In many cases, the hacker would simply need to ask to be told the password (perhaps posing as a member of the IT support team) or for the 21% who have written it down, hacking into a corporate system could potentially be as easy as walking past someone's desk and reading the password off of a post-it note!"
Key Findings: The Mobile App Risk
In light of the growth in popularity of corporate apps, the online research also surveyed workers' mobile app usage in Britain. It found that 1 in 14 respondents had downloaded an app onto a company-owned mobile device (7%). In addition, 35% of those surveyed have used their own devices to access company documents or emails. If any of those 35% were to download a virus-infected app onto their personal device, and then use it for work purposes, the risk of a corporate data breach would increase. And the data also shows that 47% of people who have used their own personal devices to access company emails or documents have had a virus.
The online survey results can be roughly categorised into 4 key problem areas: policies & procedures, employee security practices (or lack thereof), changing working practices (BYOD/Consumerisation of IT) and the mobile app risk. All key findings are listed below.
Employee security practices (or lack thereof)
- Almost 1 in 5 workers do not have passwords or pins on all of their work devices (18%)
- 21% of workers who have a password or pin to protect their work devices have written them down so they don't forget them
- 23% of workers have shared their password with a family member/friend, another colleague or their manager
- 1 in 25 online (4%) have deliberately or accidentally taken company data/information with them when they have left an organization and joined a new one
Changing Working Practices - BYOD and Consumerisation of IT
- 29% of workers have transferred files (e.g. using USB/email etc.) from a work PC to use on a personal PC
- 35% of workers have used their own personal devices to access company emails and documents
The Mobile App Risk
- 1 in 14 respondents had downloaded an app onto a company mobile device (7%)
Lack of Security Policies and Procedures
- 65% of respondents said that they did have a company IT Security Policy in place (of these, 87% felt they operated in a secure way whilst online at work)
- 16% said that they did not have a company IT Security Policy in place (of these, the percentage of people who felt they operated in a secure way whilst online at work declined to 58%)
- 19% did not know if their company did or did not have an IT Security Policy in place
Of the 65% of workers who did have a policy in place:
- 3% had no password or pins on any of their work devices
- 9% only had passwords or pins on some of their work devices
- 19% who had a password or pin to protect the devices they use for work had shared their corporate password with a family member or friend, another colleague or their manager
Summarising the findings, Bill Walker concluded that "The results highlight real cyber security risks to UK businesses. These risks are simple to address with a combination of the right policies, procedures and training in place. With cybercrime on the rise, companies need to understand their own security vulnerabilities and put policies and procedures in place to address them. The survey results can also be viewed in the broader context of the need to ensure a prepared and well-trained security team which can protect the corporate network should a breach occur."
About the survey
All figures, unless otherwise stated, are from YouGov Plc. Total sample size was 2003 adults of which 1197 were workers. Fieldwork was undertaken between 16th - 19th November 2012. The survey was carried out online. The figures have been weighted and are representative of all Great British adults (aged 18+).
To learn more about QA and the courses it offers visit www.qa.com
To register for our free cyber security seminar taking place on 18th January go to www.qa.com/cybertalk and click the 'add to calendar' icon.
Alternatively contact the press office on 01753 898501 or email firstname.lastname@example.org