Security gaps in teleworking
The report HP Wolf Security Rebellions and Rejections highlights the pressure and tension experienced by the IT departments of companies and especially the security officers of businesses, in the time of teleworking. The friction is between cyber security departments and employees working from home.
The findings show that IT departments have been forced to put security at risk to ensure businesses run smoothly at a time of growing threats. Or even worse, their efforts to increase or update security measures for those working remotely were often rejected. This is especially true for the future workforce aged 18-24 who belong to the digital generation and feel that security is getting between deadlines leading many of them to bypass the controls.
The new HP Wolf Security report combines data from a yougov global online survey involving 8,443 employees who turned to WFH during the pandemic and from a global survey of 1,100 IT decision makers conducted by Toluna. Key findings include:
-76% of IT departments admit that security took second place so that the business can operate smoothly during the pandemic, while 91% felt pressure reducing security for the sake of running the business.
-Nearly half (48%) of younger employees (18-24 years old) surveyed saw security tools as an obstacle, resulting in nearly a third (31%) trying to bypass corporate security policies to complete their work.
-48% of the workers surveyed agreed that the obvious significant safety measures lead to a waste of time – this figure increases to 64% between the ages of 18-24.
–More than half (54%) of 18-24 year olds were more concerned about meeting deadlines than about the organisation’s exposure to a data breach. 39% did not know what the company’s security policies say or even if they existed – suggesting a growing level of apathy among younger workers.
-As a result, 83% of IT departments believe that the increase in working from home has created a “time bomb” for the breach of the corporate network.
“The fact that employees actively bypass security should worry every CISO – because that’s how violations can be born,” comments Ian Pratt, Global Head of Security for Personal Systems at HP Inc. “If security is too complicated and oppresses people, then they’ll find a way to bypass it. Instead, security should fit as closely as possible into existing standards and workflows, with technology that is simple, safe in design and user-friendly. Ultimately, we need to make safe work as easy as possible, and we can do it by integrating it into the systems from the beginning.”
The report highlights that many security departments have made efforts to restrict users’ access to keep data secure. 91% have renewed policies on safety when they work from home, while 78% have restricted access to websites and apps. However, these controls provoke reactions among users, who resent computerization, resulting in security departments feeling alienated and rejected:
37% of workers surveyed said security policies and technologies are often too restrictive. 80% of IT departments experienced a reaction from users who don’t like to control them at home. 67% of IT departments said they face complaints about this on a weekly basis.
83% of IT departments said that trying to establish and enforce corporate policies around cybersecurity is impossible now that the lines between personal and professional life are so vague. 80% of IT departments said there is difficulty in security in IT systems because no one understands their seriousness. 69% of IT departments said they felt like “gendarmes” because of the imposition of restrictions.