
Study: Even the Australian C-Suite flouts cybersecurity policies

04 Sep 2017

Employees in some of Australia’s largest organisations are flouting cybersecurity policies and many are sending confidential documents through unsecured devices or personal email accounts – and it’s not just junior employees who are guilty.

A study from PDF document firm Nitro says that there is now a major disconnect between employees and the policies that IT managers put in place.

91% of Australian businesses with more than 500 employees mandate what devices workers can use, while 88% mandate the software.

However, 52% of employees, including managers and C-Suite executives, use personal devices for work, 38% send work-related documents through personal email and 10% save their communication or files on devices without password protection.

55% of managers, senior managers and C-Suite admit they work on personal devices, 40% send work emails and files through personal email and 10% save their communication or files on devices without password protection.

The research also pegs employee mistakes such as opening phishing emails and ransomware as the most likely security threat (40%), compared to just a 24% likelihood of hackers or fraudsters.

“In a world where data breaches are increasingly commonplace, there remains a disconnect between the security policies at Australia’s largest enterprises and the real-world behaviours of employees. Security remains a top priority for CIOs and IT managers, but it requires a company-wide compliance culture to ensure procedures are followed,” comments Nitro APAC director Adam Nowiski.

Employees may resort to using personal devices because they don’t have the right software installed on their work devices, according to 23% of respondents. 27% install unsanctioned software themselves.

“Our study revealed software standardisation is too often an overlooked tool in the CIO’s kit bag for plugging potential data leaks and driving top-down culture change to an environment free of disparate solutions, inefficient processes and risky employee workarounds,” he adds.

The lack of standardisation in Australian enterprises means there are more productivity bottlenecks and potential risks. 29% of respondents send files to colleagues to action because they don’t have the right software.

“A ‘shadow IT’ environment of mismatched software and inconsistent product lifecycles makes it nearly impossible for IT managers to protect against security vulnerabilities,” Nowiski adds.

“Standardised environments allow IT managers to focus on protecting and optimising organisations’ IT systems based on uniform versions of solutions.”

The research also found that 86% of enterprises enforce strong password procedures such as complexity, rotation or two-factor authentication.

One in ten respondents admit they have printed sensitive work documents without destroying the documents after use.
