Cybersecurity risk: The number of employees going around IT security may surprise you

The findings detail a complex security balancing act between IT teams and users, especially in the age of remote work and virtual collaboration at scale.

Last month, cybersecurity company Hysolate published a report about the “Enterprise Security Paradox,” highlighting challenges associated with enabling IT freedoms while ensuring tight security procedures. The findings detail a complex balancing act between IT teams and network users. Calibrating this equilibrium is particularly challenging in the age of remote work as employees log on and virtually collaborate via a host of digital solutions.

“COVID-19 has exacerbated things significantly because the need to collaborate remotely has significantly increased. The typical collaboration tools (shared documents, video conferencing, chat, etc.) are often blocked by corporate IT restrictions, which is hampering such collaboration,” said Marc Gaffan, CEO at Hysolate.

Balancing security and user experience

Overall, the Hysolate survey found that virtually all employees (93%) “are working around IT restrictions,” and a mere 7% said they were “satisfied with their corporate IT restrictions.” Interestingly, these workaround figures do not match what security leaders and IT respondents expected. For example, security leaders believed 43% of users are “in most cases working around IT restrictions,” and IT respondents believed 23% of users are working “around IT restrictions most of the time,” per the report.

One of the main factors behind employees working around IT teams is related to corporate policies blocking access to particular websites, Gaffan said.

“Most of these websites are perfectly legitimate and required to do their jobs but are still prohibited due to corporate restrictions,” he continued.

Additional factors behind these workarounds include “external collaboration with 3rd parties that are legitimate business partners but due to corporate restrictions employees cannot share files or use other online collaboration tools,” Gaffan explained.

As part of their work duties, 90% of employees “have required IT activities” that they would describe as “risky,” according to the report, with the top situations including “installing unsanctioned” apps, “giving developers a sandbox environment” and “using endpoints for personal activities.”

Boosting IT freedoms

A portion of the report focuses on supporting users with increased IT freedoms and the impacts of implementing these strategies. Virtually all respondents (87%) said they “are looking to increase employee IT freedom,” and the top positive impacts related to implementing these strategies include increased employee productivity, increased “employee sentiment [toward] IT policies” and decreased frustration among employees, per Hysolate.

“The drawbacks are typically related to security concerns,” Gaffan said. “These concerns include both the risks of malware infiltrating corporate systems that can lead to data theft and ransomware attacks and also the concerns of exfiltrating corporate data that could contain sensitive information.”

To support more IT freedom, Gaffan said “companies can use various isolation technologies.”

“This would allow users to browse the web freely, install applications and use USB devices in an isolated environment on their PC without compromising corporate security,” he continued.
