Tuesday, 12 May 2015

Irish Survey - Majority of employees admit risky use of personal devices, social media and cloud

Research commissioned by Data Solutions, the leading Irish distributor for IT solutions, has found that the majority of employees in Irish businesses admit to putting their company at risk of cyber security breaches by using personal devices, social media and the cloud for work purposes.

The research was carried out by the Marketing Development Programme at UCD Michael Smurfit Graduate Business School, among 296 working professionals across five locations in Ireland and among 76 IT decision makers within Irish businesses. It found that 53% of employees share work documents and corporate data through cloud services even though 62% of employees admitted they are not aware of the cyber security risks associated with cloud services.

Sixty-seven per cent of employees use their own personal device, such as a smartphone or tablet, for work purposes and a quarter said they either would not/did not know if they would report a lost or stolen personal device, that had access to the company network, to their employer. Three quarters of IT decision makers however said employees are required to report this.

Greater than 20 per cent of employees do not agree that a lost or stolen personal device with access to corporate data should be wiped by their employer, however more than three quarters of IT decision makers said the employer should wipe all data on a device if it has access to corporate data. The Data Solutions research revealed that more than one fifth of companies expose themselves to cyber security risks as they do not require employees to report a personal device used for work purposes, if it has been lost or stolen.

The research highlighted a lack of awareness among employees about data sharing policies regarding the cloud, as while 61 per cent of Irish businesses have such a policy, less than one third of employees are aware of it.

Data Solutions' survey uncovered a cyber-security risk within Irish businesses when it comes to setting out an explicit statement of rights to the retention of data on the personal devices that employees use for work purposes. Approximately one third of companies do not have such a policy in place, and about 20 per cent of employees are not aware of their employer having this policy.

Francis O'Haire, director of technology and strategy, Data Solutions, said, "These findings should make Irish businesses sit up and take notice. The majority of non-IT staff aren't aware of cyber security risks associated with social media and cloud services, and because of this, they unknowingly put the business at risk.

"Recent high profile cyber-security attacks like the Ryanair breach show that there is a real fear of cyber warfare. Companies are faced with the pressure of being ready for all attacks; hackers just need to find one weak link to make a huge dent in a company's finances, reputation or data.

"We will discuss the full findings of the survey at the upcoming Secure Computing Forum and the impact the findings have on Irish businesses."

The results of these findings will form a discussion at the Secure Computing Forum on Thursday, 14th May, 2015 in the Light House Cinema, Smithfield, Dublin. High-profile International speakers which include Dr Robert Griffin, Chief Security Architect of RSA; Freddie Dezeure, Head of CERT-EU and Jeffrey Moulton, Director of Transformation Technologies and Cyber Research Centre at Louisiana State University (LSU); will gather to discuss the security issues and challenges facing Irish businesses today.

Register to the attend at http://securecomputingforum.ie/