Security Awareness Not Translating to Accountability

By: Absolute Editorial Team | 5/29/2015

This month, we released the findings of our 2015 US Mobile Device Security Report showing that there are clear differences in generational behavior and risks to data security. Our report showed that Millennials (age 18-34) as a group pose the greatest risk to data security; this age group was most likely to modify default settings, use a work device for personal use, or access “not safe for work” content ranging from online banking and shopping to public WiFi and file sharing.

Stephen Midgley, vice president of Global Marketing for Absolute Software, recently expanded on our report with eWEEK. In the interview, Stephen talks about how 50% of employees still believe security is not their responsibility, despite the fact that mobility has democratized IT in so many other ways.

"The surge in mobile devices has empowered users to be more flexible and efficient, but it also means an increased number of attack surfaces for the organization. With sensitive data accessible from and stored on these devices, every employee should feel a responsibility when it comes to protecting IT security.”

Our survey revealed that, despite many risky behaviors going on, employees have a better understanding of the value of data now than they did two years ago. Right now, only 23% of employees believe corporate data on their device is worth less than $500, when in 2013 that figure was 59%. The reality is that the cost of a data breach is often millions of dollars.

"It was a pleasant surprise to see that employees are becoming more attuned to the perceived value of this lost data," Midgley noted. "With major cyber-attacks and security breaches making front page news, employees are becoming more conscious of the value that data has in the hands of cyber-criminals. This is a critical step in how organizations evolve their security policies to convert this awareness into deeper accountability among staff."

Despite this growing awareness of the value of data, we still found it troubling that only 30% of respondents believe there should be no penalty for losing data - clearly they do not take their responsibility for protecting corporate data seriously. In the article on eWEEK, Stephen outlines the importance of balancing people and process with technology:

"This can include dropping non-compliant devices from accessing the corporate network through to the deletion of data on a device that’s been stolen. But even the best technology can be defeated by human error, so increased communication, education and training in the workplace will be required to help crystallize the importance of security practices."

To learn more about how Millennials are putting corporate data at risk, download the 2015 US Mobile Device Security Report

Financial Services