And 65% of employees who work in offices skip security protocols arranged by the company, with the aim of prioritizing productivity and having fewer complications in their daily tasks. Among the steps they take to do this are using personal devices as WiFi hotspots and forwarding work emails to personal accounts. In addition, 63% use a corporate device to access social networks, communicate through messaging or access entertainment sites or use entertainment applications.
This has been reflected in a report by the access and identity management company CyberArk, which also confirms that 80% of office employees access work applications from personal devices that often lack security controls. suitable. And among those who skip all protocols the most are high-level managers.
Security privileges are not only in the power of IT administrators, since 40% of those who responded indicated that they regularly download data from their clients, a third have been able to change critical or sensitive data, and just over 30 % can approve large financial transactions.
In addition to this worrying data, 36% do not agree to immediately install security patches or security updates on their personal devices, and just over 26% do not always use a VPN when accessing work resources.
49% of those who participated in the survey used as the basis for preparing the report use the same access credentials to enter several work applications, and 36% use the same access credentials for work services and applications and personal. 52% have shared confidential information about their work with third parties unrelated to them.
Furthermore, 35% use personal external storage services to store and share work-related information with third parties, and 30% share work-related passwords and access credentials with their colleagues. 72% use generative AI tools, which can add more vulnerabilities when, for example, data is provided. And 38% of workers never, or only sometimes, follow rules on managing sensitive information when using AI tools.
The results of the survey, conducted among more than 14,000 employees at all levels and from companies in all sectors in several countries, reveal important information on worker behavior, as well as data access patterns. And in light of the report’s data, security teams must rethink how identity security controls are applied to workers.
The combination of worrying measures employed by employees, and the ability of attackers to steal information and exploit or steal browsing history significantly increases the risk for companieswho can increase their level of protection by implementing an identity security program with dynamic privilege controls at each user entry point, without this being associated with an increase in access problems and difficulties in daily work.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25408591/STK051_TIKTOKBAN2_CVirginia_B.jpg)
