Results and findings Intermedia’s 2015 Insider Risk Report
Learn more at Intermedia.co.uk/RiskiestUsers
Overview and Methodology
Intermedia’s 2015 Insider Risk Report looks at the security habits of 2000+ office workers according to age, role, industry and other groupings. The findings fly in the face of conventional wisdom: the most tech-savvy employees are the ones most likely to create risk.
SecuriSync, Intermedia AppID, HostPilot, and Office in the Cloud are either registered trademarks or trademarks of Intermedia.net, Inc. in the United States and/or other countries. Office 365, OneNote, and Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Google Analytics, Google Apps, Google Drive, and Google Keep are either registered trademarks or trademarks of Google Inc. Intuit and QuickBooks are registered trademarks of Intuit Inc. McAfee is a trademark or registered trademark of McAfee, Inc. in the United States and other countries. Imperium, RelevantID, and Verity are either registered trademarks or trademarks of Imperium LLC in the United States and/or other countries.
Methodology
• 10 minute online survey instrument (approximately 34 total questions)
• Field dates: August 4th - August 6th 2015
• 2031 total responses (1022 United Kingdom, 1009 United States)
• Overall margin of error of +/- 2.17% at a 95% confidence interval
Survey respondents provided by Precision Sample
• Precision Sample has an active proprietary panel of over 3.5M respondents
• Their panel is routinely validated with a stringent screening process including Verity® and RelevantID® by Imperium®.
Security Habits by Job Function
“It’s nearly always the case that technical people are the worst offenders.”
Richard Walters, VP of Identity and Access Management, Intermedia
IT Professionals vs. All Functions
• Using shared login/passwords. 65% of IT professionals share web logins with multiple users (vs. 46% across all functions).
• Using personal passwords. Of IT professionals, 52% use their personal passwords for business apps (vs. 40% across all functions).
• Sharing logins and passwords. 32% of IT professionals have given their login/password to other employees (vs. 19% across all functions).
[Chart: “Is it OK to install applications on your computer without consulting IT?” Yes/No responses, IT Professionals vs. All Respondents]
IT Professionals vs. All Functions
What kind of access do IT Pros retain—and how do they use it?
• Taking data. If it could positively benefit them, 31% of IT professionals would take data from their company (vs. 12% across all functions).
• What will you do when you leave? 21% of IT pros say they would access company information after they leave their current job (vs. 6% across all functions).
• Ex-employee access. 28% of IT professionals have accessed information after they left their previous position (vs. 13% across all functions). Of the information that IT professionals still have access to from their previous job, 46% of it is confidential (vs. 26% of content available to all respondents).
[Chart: “If you were to leave your current job…”, All Respondents vs. IT Professionals. Categories: I would log into company services; I would access company information; I would download or copy company information; I would share company information with others; I would delete company information; I would alter company information]
“This ex-employee access is really scary. What are they walking away with when they leave? If they go to a competitor, what kind of damage can they do? Usually they delete stuff when they leave, which is dangerous enough—but it’s really bad if they can come back a few months later. Especially if it’s IT people with that access. That bothers me the most.”
Felix Yanko, President, ServNet
IT Professionals vs. All Functions
What kind of access do IT Pros retain—and how do they use it?
[Chart: “Which systems from your previous job can you still access?”, All Respondents vs. IT Professionals. Categories: Back-end IT systems (Server access, AWS, Security tools); Corporate social media (e.g. LinkedIn, Twitter, YouTube, Facebook); CRM software (e.g. Salesforce, SugarCRM, Zoho CRM); Email (e.g. Office 365, Google Apps, Intermedia); File servers; Financial tools (e.g. Magento, Intacct, Quickbooks); HR software or apps (e.g. WorkDay, Intuit); Intranet; Marketing tools (e.g. Marketo, Pardot, Eloqua, Hubspot); Phone service, including international and conference bridges; Project management software (e.g. Basecamp, Clarizen, Workfront); Sales automation systems (e.g. Infusionsoft, NetSuite); Web tools (Drupal, Wordpress, Google Analytics); Voice mail]
Security Habits by Age
“I’m surprised that Millennials are less secure than Gen Xers and Baby Boomers. I would think Millennials are more sophisticated. They grew up with all this technology. They should have better habits.”
Jonathan Levine, CTO, Intermedia
Millennials, Generation X and Baby Boomers+
Comparing personal security habits by age group
• Personal passwords. Over 50% of Millennials use personal passwords for business applications (compared to 38% of Gen X and 32% of Baby Boomers).
• Password reuse. 57% of Millennials use the same password across multiple business applications (compared to 47% of Gen X and 42% of Baby Boomers).
• Shadow IT. 41% of Millennials think it’s OK to install applications on their work computer without consulting IT (compared to 24% of Gen X and 13% of Baby Boomers).
• Unsanctioned file storage. Millennials are nearly three times as likely to save company files to their personal cloud storage accounts as Baby Boomers (28% for Millennials, 16% for Gen X, 10% for Baby Boomers).
[Chart: “Which of the following have you done at your current job?”, Millennials vs. Generation X vs. Baby Boomers. Categories: Saved company files onto a personal device (e.g. Thumb drive, smartphone or tablet); Saved company files to your personal cloud storage service (e.g. Dropbox, Box, or Google Drive); Used a personal note-keeping service (e.g. Evernote, Google Keep, One Note); Emailed company information to a personal email address; Deleted email messages from your Sent or Trash folders]
Millennials are defined as 18-34 years old, Generation X as 35-54 years old and Baby Boomers+ as 55 and older.
“Here’s a data point: some kids in my community got taken to jail because they bullied a kid on Twitter. It’s an illustrative example of how Millennials interact with technology without thinking of consequences. Their first experience is that ‘tech = fun’. They don’t equate technology with anything serious or consequential.
“On the opposite end, think of your grandparents. My grandmother looks at technology as something scary. She’s certainly not going to be careless with it. Our grandparents aren’t lighting up Facebook with photos of their Salisbury steaks for a reason.”
Ryan Barrett, VP of Security and Privacy, Intermedia
Millennials, Generation X and Baby Boomers+
How do different age groups behave when leaving a job—or after they’ve left?
• Taking data when leaving a company. Almost 1 in 4 Millennials said they would take data from their company if it could positively benefit them (23% vs. 12% of Gen X and 5% of Baby Boomers).
• Ex-employee access. 44% of Millennials still have access to applications or systems from their previous job(s) (vs. 30% of Gen X and 16% of Baby Boomers). Of those, 39% of Millennials say the information they have access to is confidential (vs. 26% of Gen X and 14% of Baby Boomers).
• Deleting information from former employers. 10% of Millennials deleted information from their previous job (vs. 8% of Gen X and 7% of Baby Boomers).
• Accessing information from previous jobs. 22% of Millennials have accessed information from their previous job (vs. 12% of Gen X and 5% of Baby Boomers).
Security Habits by Employment Duration
“It’s just human nature. The longer you’ve been in a profession, the more you tend to relax your guard. You grow apathetic.”
Eric Aguado, COO, ThrottleNet
New Employees vs. Tenured Employees
Comparing the security habits of new vs. tenured employees
• Using personal passwords. 42% of tenured employees use personal passwords for business applications (vs. 36% of new employees).
• Password security. 37% of tenured employees keep hard copies of passwords (vs. 23% of new employees).
• Sharing passwords. 23% of tenured employees shared passwords/logins with co-workers, compared to 9% of new employees.
• Shadow IT on your desktop. 29% of tenured employees think it’s OK to install applications on their work computer without consulting IT (vs. 23% of new employees).
• Shadow IT on the web. 25% of tenured employees say they or their team have deployed free or paid web apps without consulting IT (vs. 13% of new employees).
[Chart: “Which of the following have you done at your current job?”, New Employees vs. Tenured Employees. Categories: Saved company files onto a personal device (e.g. Thumb drive, smartphone or tablet); Saved company files to your personal cloud storage service (e.g. Dropbox, Box, or Google Drive); Used a personal note-keeping service (e.g. Evernote, Google Keep, One Note); Emailed company information to a personal email address; Deleted email messages from your Sent or Trash folders]
New Employees have worked in their current jobs under one year. Tenured Employees have been with their current company for at least seven years.
New Employees vs. Tenured Employees
How do employees behave with data when they’re leaving—or after they’ve left?
• Taking company data. Given the right circumstance, 44% of tenured employees would copy confidential information from their current company when leaving (vs. 33% of new employees).
• Ex-employee access. If they left their current job today, 9% of tenured employees would access their company’s info after they left (vs. 1% of new employees).
• Altering or deleting information when leaving. 33% of tenured employees would alter or delete confidential information when leaving their current job under certain circumstances (vs. 27% of new employees).
“A lot of companies don’t have dynamic security policies. The policies don’t change much. They don’t refresh the training. So they gradually become irrelevant.
“If you don’t make the corporate tools evolve in lockstep with the consumer tools, then people learn from the consumer tools and try to figure out ways around corporate restrictions. In addition, there’s a certain amount of, ‘Well, I’ve pushed to the edge of the rules and nothing happened, so I can push a bit more.’”
Jonathan Levine, CTO, Intermedia
Security Habits by Industry
“The biggest vulnerability businesses face, by far, is using the same password in multiple systems. Unfortunately, tech people have more systems than the other industries.”
Martin Dunsby, CEO, Hybridge, Inc
Industry Comparisons
• Shadow IT on PCs. 48% of employees in the technology industry indicated that they think it’s OK to install applications on their work computers without notifying their IT department (vs. 29% across all industries).
• Ex-employee access. Only 43% of employees in the technology industry said that they would not access, share, alter or delete information from their current jobs if they were to leave today (vs. 67% across all industries).
• Shared logins/passwords. 67% of technology employees indicate that they access web applications using a shared password/username with other coworkers (vs. 49% across all industries).
Do you use shared passwords/logins at work? (sorted by industry)
Government/Politics/Utilities: 32%
Other: 37%
Printing/Publishing: 39%
Education: 42%
Financial Services …: 43%
Healthcare/Pharmaceuticals: 46%
Average Across All Industries: 49%
Architecture: 50%
Manufacturing/Production: 54%
Engineering: 55%
Retail: 56%
Construction: 57%
Legal: 58%
Media/Telecommunications: 59%
Marketing/Advertising/Public Relations: 62%
Business Services/Personal Services: 65%
Management Consulting: 65%
Technology (Software, Products, …: 67%
Industry Comparisons
• Taking data. 26% of respondents from the Technology industry said they would take data from their company if it could positively benefit them (vs. 15% overall).
• Shadow IT. 45% of respondents from the Technology industry said they have deployed free or paid web apps without consulting their IT team (vs. 23% overall).
• Altering/deleting company data. Only 38% of respondents from the Technology industry said they would not alter or delete confidential or proprietary information when they leave their current job (vs. 54% overall).
“At the high level, a lot of what is called ‘Shadow IT’ comes from the mindset of traditional IT, which is to ‘lock stuff down because users can’t be trusted to make good decisions.’ It’s just a power trip by IT. It makes IT an adversary not a partner, and it erodes respect for the rules.
“Shadow IT is an indictment of traditional IT being too slow to provide users with the services they need. Traditional IT forces users to go to Dropbox and apps like that. If IT doesn’t want users to use outside apps, they should provide better alternative solutions.”
Martin Dunsby, CEO, Hybridge
Security Habits by Company Size
“I was surprised that there wasn’t a correlation between company size and security habits. Larger companies have more to spend on IT and security, so you would expect them to be more locked down than smaller companies.”
Felix Yanko, President, ServNet
Small, Medium & Large Companies
Comparing personal security habits by company size
• Using personal passwords. 34% of employees at small companies have used their personal passwords for business applications (vs. 44% at Medium and 45% at Large).
• Reusing passwords. Whereas over half of all employees at medium (53%) and large (51%) companies reuse passwords across multiple business applications, 45% of employees at small companies have done the same.
• Using unsanctioned cloud storage. 16% of employees at small companies have saved company files to a personal cloud storage service (vs. 23% at Medium and 21% at Large).
[Chart: “Which of the following have you done at your current job?”, Large vs. Medium vs. Small companies. Categories: Saved company files onto a personal device (e.g. Thumb drive, smartphone or tablet); Saved company files to your personal cloud storage service (e.g. Dropbox, Box, or Google Drive); Used a personal note-keeping service (e.g. Evernote, Google Keep, One Note); Emailed company information to a personal email address; Deleted email messages from your Sent or Trash folders]
Definitions: Small = 1-50 employees • Medium = 51-500 employees • Large = 500+ employees
Small, Medium, Large Companies
How are employers educating/assisting their employees?
• Training offered yearly. 52% of employees at small companies say their companies provide security training at least as often as once a year (vs. 68% at Medium and 75% at Large).
• Training attended at all. 55% of employees at small companies have attended/received security training with their current company (vs. 70% at Medium and 80% at Large).
• Employer-provided single sign-on. 32% of employees at small companies have employer-provided SSO solutions (vs. 50% at Medium and 50% at Large).
“Employees feel that the things they’ve made on the job are things they own, and they try to take it with them. Companies need to understand that intellectual property is company property—and they need to protect their property.
“People are always trying to protect against external threats, so they don’t realize that internal threats have to be considered as well. Companies take internal threats very lightly, and don’t give them enough consideration. Look at all the people in this survey who delete stuff or try to get stuff after they’ve left—internal threats are a very real threat.”
Mike Maendler, CEO, Technology & Beyond
Small, Medium, Large Companies
How do employees behave with data when they’re leaving, or after they’ve left?
• Deleting information when departing. 31% of employees at small companies indicate that they would alter or delete confidential information when leaving their current jobs (vs. 35% at Medium and 34% at Large).
• Taking data. If it would positively benefit them, 10% of employees at small companies would take data from their company (vs. 19% at Medium and 16% at Large).
• Ex-employee access. 26% of employees at small companies who had access to work-related applications at their previous jobs have accessed, altered, deleted, or copied information (vs. 33% at Medium and 30% at Large).
[Chart: “If you left your current job…”, Large vs. Medium vs. Small companies. Categories: I would download or copy company information; I would share company information with others; I would delete company information; I would alter company information; I would log into company services; I would access company information]
Overall Demographics
[Charts: Age of respondent (18-24, 25-34, 35-44, 45-54, 55-64, 65+); Company size; Job type (Administrative / clerical, Consultant, Customer support, Facilities, Finance, HR, IT, Legal, Management, Marketing, Operations, Professional services, R&D, Sales, Other); Industry (Architecture, Business Services/Personal Services, Construction, Education, Engineering, Financial Services…, Government/Politics/Utilities, Healthcare/Pharmaceuticals, Legal, Management Consulting, Manufacturing/Production, Marketing/Advertising/Public Relations, Media/Telecommunications, Printing/Publishing, Retail, Technology (Software, Products, Services, Manufacturing, …, Other)]
So what do you do about your #RiskiestUsers?
First, educate yourself.
See the 5 most common bad security habits: Intermedia.net/RiskiestUsers/Top5
Get best practices for improving your security: Intermedia.net/RiskiestUsers/BestPractices
Next, deploy the right tools (page 1)
SecuriSync® backup and file sync
Deters shadow IT • Prevents insecure file storage and transfer • Protects company data from being lost • Prevents data theft and ex-employee access.
Intermedia AppID® Single Sign-On
Prevents ex-employee access • Deters insecure password practices because users don’t have to remember their passwords.
Active Directory
Protects against ex-employee access by enabling you to disable access to all your Intermedia services with just one click.
McAfee® Data Loss Prevention
Helps prevent the spread of malware and avoid data breaches caused by employees accidentally or intentionally sharing sensitive data.
Learn more at Intermedia.co.uk/OfficeInTheCloud
Next, deploy the right tools (page 2)
Intermedia AppID® Enterprise
App Shaping and Audit Trail features help prevent unauthorized access and data breaches, avoid misuse of data, and facilitate compliance.
Email Archiving
Ensures company data stored in email cannot be intentionally or accidentally deleted.
HostPilot Control Panel
Offers remote wipe of devices to prevent data theft • Reduces the risk of poor password practices by letting you set policies regarding password length and complexity for Intermedia services.
Intermedia can help improve user security
Intermedia is a one-stop shop for 30 cloud business applications. Our Office in the Cloud™ integrates a number of products that can improve the security habits of your users. Talk to an Intermedia representative about improving the security practices of your users with Intermedia’s Office in the Cloud. Call +44(0)20 3384 2158 or visit Intermedia.co.uk.
JOIN THE CONVERSATION
Follow @intermedia_co.uk or discuss your experience using the hashtag #RiskiestUsers.