BalaBit survey reveals security shortcuts taken by ‘privileged users’ during the festive season
A combination of irresponsible user behaviour and weaknesses in the protection of networks will create more data breach risks during the holiday period than at any other time.
This is the assertion from a survey of ‘privileged users’ by BalaBit, an IT security innovator specialising in log management and advanced monitoring technologies.
Lack of authentication
With the festive season approaching, most respondents, (70%) still expect to use the holidays to connect to their work’s network or check in on emails, with more than a third (39%) logging on to access emails several times a day. However, while the majority of respondents, 72%, have used their own, a friend’s, colleague’s, or a public device to connect to the network during their holiday, 38% of users have not been asked for extra levels of authentication when connecting to the company network from a device that has not been registered.
The survey also reveals that some executives sidestep basic security measures during their time off. One in seven respondents (14%) have shared personal access details – their user name or password – with a colleague. Going against best practice on password protection, the same number of respondents have shared their password on the phone so that a colleague so could complete an urgent task on their behalf.
Around a third of all respondents surveyed, 35%, also admitted that they have not changed their password immediately after they have given it to someone else. Personal relations appear to play a role in this with a fifth of respondents admitting they had done this, as they trusted that person.
Zoltán Györkő, CEO of BalaBit, said: “With the holiday season approaching, it can be a prime time to catch up on any unfinished tasks and many of us need to check in on emails when we’re out of the office. However this survey highlights some worrying lapses in the protection of personal information during holidays. Whilst we’re relaxing at home, we can sometimes use the easiest route to complete a task, which means that security is compromised. Of course, we need to allow executives to do their job even if they’re not in the office, but organisations need to support them to do this in a secure way and which protects the integrity of sensitive company data.”
The survey was conducted with 269 users with high privilege rights, comprising: IT security consultants, C-level: CEO or CISO or CEO, operations managers, system administrators and other IT professionals.
Are you an Internet security know-it-all? Take our quiz!