How Cloud Users Put the Business at Risk
- 1 of
-
How Cloud Users Put the Business at Risk
As the cloud makes it easier for users to pick their own apps and services, it’s also added a larger surface for lax security practices. -
Well Equipped
On average, survey respondents use two devices for work, and half of those who use cloud-based apps for work have access to three or more IT-approved apps. -
Top Devices Deployed
Laptops: 61%, Smartphones: 51%, Tablets: 27% -
Self-Determined
One-third of survey respondents who use the cloud have downloaded a work-intended app without letting IT know. -
Over-Exposed
One-quarter of survey respondents overall manage passwords in a doc that is not password-protected. -
Precarious Posting
One-fifth keep passwords in plain sight, such as on a sticky note. -
Compromising Situation
One-fifth of devices that employees have lost were not password-protected. -
Under Educated
58% of survey respondents said their organization has never instructed them about the right way to download and use cloud apps. -
Shaky Transition
44% said their employer never told them how to securely transfer and store private corporate data. -
Ill-Informed
39% said they've never been told about the risk of downloading apps without IT's knowledge. -
Youthful Abandon
31% of Millennial survey respondents said they've downloaded apps without letting IT know, compared to 22% of Baby Boomers who have done this.
By now, CIOs and their IT teams must think that they've spent countless hours talking to their organization's employees about the inherent dangers of the Internet age. But risky user behavior is still alive and well, according to a recent survey from Softchoice. The report, titled "(Still) Careless Users in the Cloud," reveals that a significant share of professionals are downloading apps (frequently through the cloud) without informing the tech department of their actions, i.e., "shadow IT." Many put their passwords on public display, jotting them down on highly visible sticky notes. Some have lost devices with unprotected access to work data. And others manage passwords in docs which aren't—ironically—password-protected. So, regardless of how much time you've put into educating the masses, you likely should consider stepping up training efforts on acceptable device, app and cloud practices. "Risky behavior and data vulnerabilities are almost guaranteed to persist if organizations don't provide training and direction on cyber-security best practices for the apps, platforms and IT tools employees use on a daily basis," said David MacDonald, president and CEO of Softchoice. "Employees display a wide range of bad habits, from lax password security to rogue IT behavior. If something doesn't change, organizations will be placed in an extremely vulnerable position." An estimated 1,500 North American employees who use tech on the job took part in the research.