Senior managers and C-Suite executives from Australia’s largest organisations aren’t leading by example when it comes to protecting their organisation from security threats and data leaks, according to new research from document productivity company Nitro.
The survey of workers from Australian enterprises of 500 or more employees found security policy non-compliance was rife, with a lack of digital standardisation leading to workarounds such as saving work documents on unsecured devices or using personal email accounts.
Despite the majority of enterprise businesses mandating what software (88%) and devices (91%) employees can use, the study found employees continued to create security risks by using personal devices for work (52%), sending work-related documents through personal email accounts (38%) and saving their work communications or files on devices without password protection (10%).
Adam Nowiski, APAC Director of Adobe Acrobat competitor Nitro, said the results surprisingly showed that risky data security practices didn’t decline further up the organisational ladder, with Manager to C-Suite level employees admitting negligence on par with junior workers.
“In a world where data breaches are increasingly commonplace, there remains a disconnect between the security policies at Australia’s largest enterprises and the real-world behaviours of employees,” Nowiski said.
“Security remains a top priority for CIOs and IT managers, but it requires a company-wide compliance culture to ensure procedures are followed.”
Mismatched software products and versions across organisations are causing compliance challenges, with almost a quarter (23%) resorting to using their personal devices because they don’t have suitable software pre-installed and more than one-in-four employees (27%) resorting to installing unsanctioned software themselves.
“A ‘shadow IT’ environment of mismatched software and inconsistent product lifecycles makes it nearly impossible for IT managers to protect against security vulnerabilities,” Nowiski said.
“Our study revealed software standardisation is too often an overlooked tool in the CIO’s kit bag for plugging potential data leaks and driving top-down culture change to an environment free of disparate solutions, inefficient processes and risky employee workarounds.”
“At Nitro, we work closely with enterprise customers to achieve such environments, providing change management support and creating practical strategies that save time, money and IT resources.”
A lack of standardisation is also causing productivity bottlenecks, as a limited number of “power users” are called on to complete tasks like editing, signing or securing documents, with almost a third (29%) admitting to sending files to colleagues to action because they don’t have access to the right software.
It’s a challenge that Samantha MacLeod, General Manager of Cyber Security at industry super fund-owned bank ME, recommends CIOs tackle head-on.
“Embrace the right services early before employees find their own alternatives,” MacLeod said. “Monitoring one sanctioned technology is easier than monitoring 50 non-sanctioned technologies.”
“Culture and awareness is critical to avoid one of the biggest threats facing business today, namely insider threat − both malicious and those who are untrained − or simply complicit in understanding how to operate within security guidelines.”
“Explain to staff the reasons why security compliance is enforced. Saying ‘because it’s a security issue’ is not good enough. Link the reasons to business, customer obligations and the bottom line. Use compliance as the opportunity to train and educate the business and foster internal security advocates along the way.”
“Don’t expect that your standard operating environment suits everyone’s needs. Invest in the right tools and perform the basics such as user group segmentation and data loss prevention.”