Connect with us

Hi, what are you looking for?



Security Challenged by Users Who Break Rules

Two new surveys separately shine a light on a security issue technology can’t easily patch – users who don’t follow the rules. 

Two new surveys separately shine a light on a security issue technology can’t easily patch – users who don’t follow the rules. 

According to findings by security vendor BeyondTrust, 28 percent of employees admitted putting their digital hands on data not relevant to their job. The survey fielded responses from 265 IT decision makers, including security managers and network and systems engineers across a number of industries.

According to the findings, nearly one-quarter identified financial reports as the data accessed. Of particular interest to those employees were salary details, HR data and personnel documents. For the most part (80 percent), respondents felt that it was at least “somewhat likely” that access sensitive or confidential out of simple curiosity.

“Allowing any employee unfettered access to non-essential company data is both unnecessary and dangerous and should be an issue that is resolved quickly,” said Brad Hibbert, EVP of product strategy at BeyondTrust, in a statement.

This type of questionable behavior by users can also be seen when it comes to the bring-your-own device trend. In a survey of 3,200 mobile device owners between the ages of 21 to 32 working full-time, Fortinet discovered that 51 percent stated they would contravene any policy in place banning the use of personal devices at work or for work purposes. The survey also found that 14 percent of the respondents would not tell an employer if a personal device they used for work became compromised.

Advertisement. Scroll to continue reading.

Besides getting around BYOD policies, many participants also had a similar attitude towards using the cloud. Thirty-six percent of respondents using their own personal cloud storage like DropBox accounts for work purposes said they would break any rules brought in to stop them – something with problematic implications potentially because 33 percent of those that use cloud storage services store customer data there, while 22 percent store critical private documents like contracts and business plans.

“It’s worrying to see policy contravention so high and so sharply on the rise, as well as the high instances of Generation Y users being victims of cybercrime,” said John Maddison, vice president of marketing for Fortinet, in a statement. “On the positive side, however, 88 percent of the respondents accept that they have an obligation to understand the security risks posed by using their own devices. Educating employees on the threat landscape and its possible impact is another key aspect for ensuring an organization’s IT security.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.


Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.