Cybersecurity strategy has topped the priority list for CIOs, since best practice steps are being ignored by employees despite their knowing the risks and the potential impact on organizational networks.
Ever since remote working became the de facto norm for business continuity, IT leaders have put special emphasis on following cybersecurity best practices. With increasing cases of identity theft, unauthorized access, and security breaches since the implementation of the remote work environment, employees were expected to practice better judgment. However, lax judgment by employees is still being observed in many companies.
TechRepublic.com stated that in a survey conducted by security firm Trend Micro, 72% of the CIOs state that employees have gained a better awareness of cybersecurity and 81% of employees acknowledged that security strategies are effective only when properly implemented. The survey highlighted the gap between awareness and implementation of measures by employees and IT professionals.
CIOs in the survey state that 56% of the employees used a corporate device to get access to non-work applications, and over 66% have uploaded sensitive professional data to the application. Employees are already aware of the security complications arising from using an official device for non-work-related activities.
Thirty-nine percent of the employees have used a personal device to access the work platform, the definite cause of workplace security breaches. CIOs state that nearly 80% of professionals use the official device to browse for personal needs, and a mere 39% limit or monitor the kind of websites being accessed.
IT leaders state that employees ignore the IT security teams’ advice if they think their job gets completed faster by taking a shortcut. Over 34% of the employees do not stop to consider whether the app being used is IT-approved, so long as the work is completed in a shorter time. Around 29% of the employees have admitted to implementing non-work applications that haven’t been approved by the security team, as they considered the approved solutions to be ineffective.
CIOs acknowledge that simply forcing employees to attend general cybersecurity training is of no use; customized training programs need to be developed that cater to the particular product or module they are working with.
New threats with the return to the office environment
Corporate IT security leaders state that a fresh round of phishing emails was uncovered as more employees return to work. Only 37% of the employees from Trend Micro’s survey were capable of identifying and reporting malicious emails. CIOs stated that around 48% of the employees were in a hurry to sort through their unread emails so that they could get back to business, which has resulted in security vulnerabilities. Security leaders now plan to conduct security refresher training for on-premises employees.