Part 3 of Intermedia’s new 2017 Data Vulnerability Report finds office workers often ignore data security best practices, putting themselves and their employers at great risk
Intermedia, a leading cloud business solutions provider, today released Part 3 of its 2017 Data Vulnerability Report, which examines the security behavioral habits of more than 1,000 office workers in the United States. Almost all (99%) of the professionals surveyed admitted to conducting at least one potentially dangerous action, from sharing and storing login credentials to sending work documents to personal email accounts.
Office workers prioritize personal convenience over security protocols
Lost or stolen data can significantly impair an organization, and the impact is only getting worse as the frequency and sophistication of cyberattacks increase. In 2017, the average size of data breaches grew to include more than 24,000 records. Yet when it comes to storing and sharing data, and saving login credentials, Intermedia’s Data Vulnerability Report shows that, despite nearly one quarter (23%) of employees worrying that someone outside of their company could hack or access files due to an email breach, employees continue to ignore best practices opting instead for more convenient, and riskier, practices. For example:
- Roughly 1 in every 4 office workers (24%) reuse the same login credentials for their work and personal accounts
- Nearly all (96%) office workers automatically save work passwords on their work computer, instead of routinely entering login credentials
To compound the issue, office workers also continue to save files and store data in easily accessible places, as evidenced by the following:
- More than half (57%) of office workers admit to storing work files on their desktop or in desktop folders
- One-third (34%) say they store work data on personal file sync and share services, a significant increase from the 12% who reported doing this in 2015
The use of personal file sync and share services puts valuable data outside of the organization’s security practices and, thus, the company’s control. Saving data onto the desktop often means a lack of backup altogether. Both practices leave data unnecessarily vulnerable, making it very hard to recover files if they are compromised. And while many companies will run separate endpoint backup, this approach introduces extra costs and management overhead.
While employees may find these practices to be more convenient, they leave their organizations and networks more susceptible to cyberattacks. Considering that market researcher Cybersecurity Ventures predicts worldwide cybercrime damages will increase to $6 trillion annually by 2021, with risky employee behaviors helping to fuel that rise, it's clear that there is a great deal of education, as well as sweeping changes to habits, policies, and procedures, that must take place.
File backup – easy to do but often overlooked
While office workers may be aware of the risks and data threats that exist, it’s not stopping them from changing their daily habits when it comes to file backup.
“While widespread ransomware attacks, hardware failure, and natural disasters are all serious threats to an organization, the biggest security threat comes from the inside,” said Jonathan Levine, CTO at Intermedia. “When employees do not properly back up files, choose to use the same password across multiple accounts, or send confidential materials to their personal accounts, their companies are left exposed and vulnerable not only to data loss, but to serious financial and legal implications as well.”
Levine continues, “Employees want to do the right thing, but sometimes don’t know how, or the tools they are given to do so are often hard or cumbersome to use. As our latest study shows, organizations need to recognize that getting employees to change their behavior won’t happen overnight. Instead, companies need to offer solutions that protect confidential information with minimal impact on an employee’s daily workflow, such as automated backup and 2-factor password requirements. The most effective security measures are often ones that employees don’t even know are in place.”
Employees increasingly share confidential company documents via unsafe ways
A particularly worrisome trend is the growing amount of proprietary data and intellectual property that employees are passing back and forth between their work and personal accounts. While this is most common when an employee leaves a company, current employees also engage in this behavior, increasingly putting companies at risk and vulnerable to data loss. Intermedia’s latest report found that:
- Accessing materials after leaving a company is on the rise, especially in IT:
- One-third (34%) of office workers report accessing work materials after leaving a company, compared to 12% in 2015
- 49% of office workers in IT departments admit to accessing work materials after leaving a company, compared to 28% in 2015
- Employees pass secure data back and forth at least once a week using unsafe methods:
- On average, nearly two-thirds (64%) of office workers email a work document to their personal email at least weeklyexposing confidential data to even more threats. And they aren’t just sharing emails or memos. These materials include:
- HR-related information (22%)
- Customer information (19%)
- Company’s strategic information (18%)
“The research indicates that the most vulnerable security breach vector within an organization is your employees,” said Joshua Sharfman, Intermedia customer and Chief Technology and Innovation Officer at California Association of REALTORS®. “For example, they may get lazy with passwords and reuse credentials. They may not be mindful of emails or not vigilant when clicking on embedded links.”
Sharfman continued, “Having appropriate system policies in place is also key, and Intermedia’s technology helps us do that. I also recommend that companies block the payloads that they don’t want coming into the network because they could carry executable malware and create other ways of transporting that data. In addition, it’s important to apply proper patches and updates in a timely manner. Data security is all part of the operational expense -- and a critical one that is frequently overlooked.”
Part 3 of Intermedia’s 2017 Data Vulnerability Report provides a deeper look into the data and file sharing behaviors of office workers today and the impact their actions have on security. The report includes advice for companies on how to educate its workforce on proper file backup protocols and a checklist on how to do it right.
This report is the final part of a 3-part series that looks at the vulnerabilities organizations face from office workers behaviors when it comes to email threats, ransomware and file sharing. You can view the full report here.
This study was commissioned by Intermedia and delivered by Precision Sample®, an independent market research organization. Precision Sample has an active proprietary panel of over 3.5M respondents that is routinely validated with a stringent screening process including Verity® and RelevantID by Imperium®. Results derived from an 11-minute online survey instrument with 45 total questions, fielded June 1-5, 2017. Setup questions were used to ensure that only U.S. knowledge workers were in the sample, which was defined as those who routinely work in an office environment. Overall margin of error of +/- 2.95% at a 95% confidence interval.
Intermedia offers a broad yet tightly integrated suite of cloud applications, including Unified Communications as a Service (UCaaS), business email, file backup, sync & share, identity and access management, security, and archiving – all delivered by a single provider with one point of control. Small and medium-sized businesses want security, scalability, and someone to manage the complexities of business IT for them, and that’s just what Intermedia delivers with enterprise-grade security, a 99.999% uptime service level agreement and J.D. Power-certified 24/7 support.
With more than $200 million in annualized revenue, Intermedia serves more than 110,000 business customers and 6,500 active partners, including VARs, MSPs, distributors and telecoms. Its Partner Program enables solution providers to differentiate and increase profitability by selling under their own brand. Intermedia is a leading cloud voice service provider and the world’s largest independent provider of Exchange email in the cloud. For more information, visit Intermedia.net or connect with us on Twitter, Facebook or LinkedIn.
LEWIS for Intermedia
J.D. Power 2017 Certified Assisted Technical Program, developed in conjunction with TSIA. Based on successful completion of an audit and exceeding a customer satisfaction benchmark for assisted support operations. For more information, visit www.jdpower.com or www.tsia.com. All trademarks, service marks, trade names and product names referenced in this press release are the property of their respective owners.