Employees Use Personal Devices to Access Company Email and Shared Documents, Despite Lack of Regulations

WASHINGTON, DC, May 15, 2018 – Nearly two-thirds (64%) of employees use a company-approved device for work. However, less than half (40%) of those who use a personal device are regulated when using that personal device, according to a new survey of 1,000 full-time employees published by Clutch, a B2B research firm.

Employees use devices for routine, daily work activities. Among those surveyed who use a personal device for work, 86% check their email and 67% access shared company documents.

“Normal” or accepted employee behavior often present the most dangerous security threats, says Randy Battat, CEO of PreVeil, a company that provides end-to-end encryption for email and file sharing.

“We've seen that at many companies, employees believe that information that needs to be protected is special, sensitive stuff that's explicitly marked, and most of the everyday communications they receive and send aren't a risk for their organizations,” he said. “The reality is that the majority of communications, and an organization's intellectual capital, can be found in the ‘ordinary’ email.”

Passwords are the Front Line of Employee Security

Most employees use passwords as the primary form of IT security at their company. Over three-fourths (76%) practice some form of password protection, the survey found.

In addition, password update reminders are the most common cybersecurity policy employees encounter: Two-thirds (67%) of employees receive updates, followed by internet restrictions (55%) and user permission prompts (53%).

“[Employees] get that they have to change their password regularly because it’s an obvious protection. There’s a responsibility about that at an individual level,” said Steve Scott-Douglas, CIO of Ciklum, a software engineering and solutions company.

Most employees, however, use the simplest method of password protection: regularly updating their passwords. At least twice as many employees update passwords regularly (82%) compared to using complex password protection methods such as multi-factor authentication (41%) or a password manager (20%).

Employees Follow Cybersecurity Best Practices Beyond Company Policies

In several areas of cybersecurity, employees exhibit secure behavior that goes beyond their company’s policy.

For example, more employees report security incidents (60%) than go through cybersecurity policy or compliance training (59%).

This finding indicates that employees have a general understanding of IT security threats and best practices. However, without regular training or communication from their company, they may fail to recognize when they encounter policy.

Most employees (52%) receive security policy training once per year, according to the survey.

The study suggested that to ensure employees recognize and comply with security policy, companies should implement consistent cybersecurity policy training.

To read the full report and source the survey data, visit: https://clutch.co/it-services/resources/how-employees-engage-company-cybersecurity-policies

For the raw data, a comment on the findings, or an introduction to the experts interviewed for this report, contact Grayson Kemper at grayson@clutch.co.

About Clutch

A B2B research, ratings, and reviews firm in the heart of Washington, DC, Clutch connects small and medium businesses with the best-fit agencies, software, or consultants they need to tackle business challenges together and with confidence. Clutch’s methodology compares business service providers and software in a specific market based on verified client reviews, services offered, work quality, and market presence.

Contact

Grayson Kemper

(202)470-0491

grayson@clutch.co