TRENDING
But who is ultimately responsible to protect
employees who used non-sanctioned apps
at work? App developers, IT departments
and end-users are at odds over who is
responsible for application security and
best practices regarding the many apps on
the phones of employees. With employees,
responsibility is low: only 41% claim
ownership for the security and protection of
non-business apps they use.
And who is that ‘someone else’ who should
be protecting users’ apps in the workplace?
Employees think security should be provided
by the app developers (20%), service providers
(17%) and their IT department (16%).
But if you ask IT decision-makers who
is internally responsible, one third say
the security team is most responsible for
protecting an employee’s identity and
personal information, followed by the CIO or
VP (17%) of the company and 15% state
‘the whole IT department.’
“
MORE THAN
HALF (55%)
OF EMPLOYEES
EXPECT THE USE
OF BUSINESS APPS
TO INCREASE,
INCREASING THE
ODDS THESE
DEVICES MAY
BECOME PART OF
A LARGER DDOS
ATTACK.
knowingly use non-sanctioned apps.
• A total 10% don’t know if the apps they
use at work are banned or not.
• Of those who use non-sanctioned apps
51% claim ‘everybody does it’, while
36% of employees believe their IT
department doesn’t have the right to tell
them what apps they can use.
• One third (33%) claims IT doesn’t
give them the apps needed to get the
job done.
Perceived attitudes of employees and
thoughts on best practices
• Almost a quarter (23%) of IT
decision makers think there will be no
improvement in security behaviour
at their company but 75% think
optimistically that there will be.
• 88% of IT heads say employees
need better education on best
security practices.
• IT decision makers say their top
recommended password policy is
updating passwords regularly (76%)
followed by choosing different
passwords for different systems
(59%) and two-factor or multi-factor
authentication (53%).
• Password policies are communicated
to employees through email reminders
(66%) followed by employee
orientation (50%), internal meetings
(48%) and communication from a
manager (44%).
Challenges and needs of IT
• When protecting their company,
the biggest challenge noted by IT
professionals is lack of corporate
commitment to policy and
enforcement (29%).
• Forty-one percent of IT leaders are only
slightly optimistic about their ability to
stop threats and protect their company.
Additional AIR findings include:
Employee behaviour towards the use
of banned apps or sites at work
• It’s an accepted fact that
companies can block apps and
28
INTELLIGENTCIO
websites at work – 85% of employees
find this practice acceptable.
• However, only 61% of employees claim
their companies actually block specific
sites or apps.
• A total of 30% of employees surveyed
This data is consistent with a recent A10
Networks report that found the average
company suffers 15 DDoS attacks per year,
with average attacks causing at least 17
hours of effective downtime, including
slowdowns, denied customer access or
crashes. Attacks are also getting harder to
defend, with average peak bandwidths of 30
to 40 gigabits per second (Gbps) and many
exceeding that mark. n
www.intelligentcio.com