Cybersecurity Risk: The Number of Employees Circumventing IT Security May Surprise You
The findings detail a complex security balance between IT teams and users, especially in the era of remote work and large-scale virtual collaboration.
Last month, cybersecurity firm Hysolate released a report on the “Corporate Security Paradox,” highlighting the challenges of allowing IT freedom while enforcing strict security procedures. The results detail a complex balancing act between IT teams and network users. Calibrating this balance is especially difficult in the era of remote working, as employees connect and collaborate virtually through a multitude of digital solutions.
“COVID-19 has greatly exacerbated things as the need to collaborate remotely has increased dramatically. Typical collaboration tools (shared documents, video conferencing, chat, etc.) are often blocked by corporate IT restrictions, which hinders such collaboration,” said Marc Gaffan, CEO of Hysolate.
Reconciling security and user experience
Overall, the Hysolate survey found that virtually all employees (93%) “work around IT restrictions,” and only 7% said they were “satisfied with their company’s IT restrictions.” Interestingly, these figures on IT workarounds do not match what security and information technology managers expected. For example, security managers believed that 43% of users “mostly worked around IT restrictions” and IT respondents believed that 23% of users worked “mostly around IT restrictions,” according to the report.
One of the biggest factors behind employees working around IT teams has to do with company policies blocking access to particular websites, Gaffan said.
“Most of these websites are perfectly legitimate and bound to do their job, but are still banned due to company restrictions,” he continued.
Additional factors behind these workarounds include “external collaboration with third parties who are legitimate business partners, but due to company restrictions, employees cannot share files or use other collaboration tools online,” Gaffan explained.
As part of their work duties, 90% of employees “have required computer activities” that they would describe as “risky,” according to the report. The main situations include “installation of unauthorized applications,” “giving developers a sandbox environment” and “use endpoints for personal activities.”
Strengthen IT freedoms
Part of the report focuses on supporting users with increased computing freedoms and the impacts of implementing these strategies. Virtually all respondents (87%) said they “seek to increase employee IT freedom,” and the top positive impacts of implementing these strategies include increased employee productivity, an increase in “employee sentiment [toward] IT policies” and reduced employee frustration, according to Hysolate.
“Downsides are usually related to security issues,” Gaffan said. “These concerns include both the risks of malware infiltrating enterprise systems that could lead to data theft and ransomware attacks, as well as issues of exfiltration of enterprise data that may contain sensitive information.”
To support greater IT freedom, Gaffan said “enterprises can use a variety of isolation technologies.”
“This would allow users to freely browse the web, install applications, and use USB devices in an isolated environment on their PCs without compromising corporate security,” he continued.