leowolfert - Fotolia
UK firms need to address risky user habits
McAfee calls for companies to ramp up their security culture and improve the integration of technical security controls to minimise exposure from workers
Nearly half (45%) of UK residents polled by security firm McAfee either do not check the security of their internet connection or are willing to connect to an unsecured network while travelling, a survey shows.
That is despite the fact that more than one-third (38%) consider their personal information to be less secure when travelling compared with when they are at home, according to McAfee’s research.
With 43% of respondents spending more than an hour a day on connected devices during trips away, the survey report said it is particularly concerning to discover that network security is not being prioritised.
According to the survey, individuals are even using devices for data-sensitive activity such as checking and sending emails (56%) and managing money through a banking app (32%).
Also, almost one-third (29%) admit to using work devices while on holiday, and 15% cannot resist looking at their work email, despite work devices being connected to personal and private data through corporate cloud, email and productivity services.
The vast majority of respondents admitted they use work devices to connect to public Wi-Fi in airports (62%) and hotels (49%), potentially putting sensitive business information at risk.
“Businesses are working hard to enable staff to work collaboratively and flexibly through productivity tools and apps based in the cloud,” said Raj Samani, chief scientist and McAfee fellow. “And while it is their responsibility to ensure the appropriate security is in place, no matter where their employees are in the world, cyber security threats exist and proactive steps must be taken by those using work devices abroad to minimise the risk.”
Read more about security culture
- Cyber security awareness training programmes are sometimes perceived as an extraneous waste of time and energy, but are essential to building a strong security culture.
- DevSecOps is seen as a way of ensuring application security, but security leaders must understand that embedding a security culture and taking the inter-dependencies of new development frameworks into account is key.
- Creating a security culture can ease tensions between developers and security professionals and raise an organisation’s cyber defence capability, according to Troy Hunt.
Organisations should recognise that this potentially risky behaviour occurs, said Samani, and in response ensure that the right security systems are in place to monitor data and flag any potential breaches.
“Many companies have too many IT security tools operating in silos and failing to communicate with each other – making it much harder to realise when systems have been subject to a breach,” he said.
In addition to repeated cyber security training for staff to increase awareness of potential cyber risks, Samani said IT teams should focus on building proactive, platform-based and integrated cyber security systems.
Using this approach, he said, security professionals can ensure that tools can communicate to identify weak spots, reduce the risk of data breaches and support the drive for a true culture of security in the enterprise – “no matter where employees are using their work devices”, he said.
Read more about security integration
- Integration of security systems and employee training recognised as key ways to reduce the growing severity of data breaches.
- Digital transformation projects and other sophisticated tech initiatives call for integrated security. IT service firms are addressing the gap between security and business teams.
- Security industry more open, integrated and collaborative, says McAfee, as shown by the adoption of its Data Exchange Layer and new collaborations through the company’s Security Innovation Alliance.
