em360tech image

Employees are engaging in risky cyber behaviour that could harm businesses, according to study conducted by US security company OpenVPN. The report concluded that employees are “a company’s greatest asset - but they’re also a company’s greatest security risk.”

OpenVPN questioned 500 full-time US workers about their cybersecurity habits. The provider of next-generation communication services declared that “cybersecurity breaches are a matter of ‘when’ not ‘if’” in a blog post detailing the results of the survey.

Last week, Centrify presented a similar report into Security, Privacy and the Next-Generation Workforce at their London press release. The firm interviewed 1,000 UK office workers aged 18-24 alongside 500 UK Senior Decision Makers to explore the age gap in perceptions of cybersecurity.

Centrify found that 14% of UK managers had logged onto a risky website, and 7% of those in the next-generation workforce had made the same mistake. OpenVPN’s equivalent report indicated that an alarming 23% of US employees frequently click on unsafe links.

OpenVPN reported that 25% of US employees use the same password for everything, and younger workers in the UK also illustrated an alarming disregard for password security. 14% of Centrify’s respondents admitted to using the same password across personal and professional devices, but they also said that only 40% of their managers enforced a regular password change at work.

User adoption of password security is also lagging in the US. OpenVPN found that 62% perceive biometric passwords as stronger than traditional alphanumeric codes in theory, but only 55% of employees actually implement them in practice.

US employees are also reluctant to discard voice-activated digital assistants, despite 24% of them recognising their innate potential for security breaches. Only 3% stopped using their Alexas and Google Homes out of fear of hacking.

Centrify recommends that decision makers address security issues by putting technical controls in place, refining security policies, and communicating them effectively to employees. OpenVPN concluded that businesses “often overlook the role their own employees play in exposing vulnerabilities from inside an organisation”, and added that "organisations have to be ready to address hackers head on.”

From these reports, it is evident that both the UK and US are experiencing similar issues when it comes to keeping their companies safe at night. If managers are able to demonstrate a commitment to security through their own policies and actions, perhaps employees will be inclined to follow.