You're sitting at the airport, coming home from a week-long business trip in New York. Your frappuccino is half-melted, a glob of it staring back at you from the floor, and there's a baby screaming behind you.
Your plane has been delayed, but it's finally approaching the gate when you get an email from your boss. She wants you to resend her the confidential report you wrote up this week so she can forward it to her demanding supervisors.
Naturally, this particular terminal isn't allowing your company-issued cell phone any bars of service whatsoever, so you pull out your laptop to resend the file.
Glancing through your available WiFi options, you decide against 'It Hurts When IP', and hesitantly point your mouse over 'JFK Free WiFi'. You know it's not smart to connect to a public and unsecured WiFi network, which you learned in your security training session last week, but you know your boss needs this document before the long flight home.
Weighing your options for another brief second, you decide to take your chances and send the report over the available network.
Sadly, this scenario is all too common, according to Dell's 2017 End-User Security Survey.
The survey shows a whopping 72% of employees will skip over security best practices if it means they can get their work done more efficiently.
Even scarier, when asked why, 43% responded they would just do what management said.
Certain types of information are more confidential than others, however. That's why we should be so alarmed when 81% of those in financial services say they would share sensitive, confidential or regulated company information. This is closely followed by 68% of people in both the healthcare and government sectors who say they'd do the same.
But it's not a problem if people say they'd adopt unsafe security practices in theory, but not actually use them. However, 45% of those surveyed openly admit to poor security hygiene in the workplace.
These behaviors include using public WiFi networks to access confidential information (46%) and using personal email accounts for business (49%). 17% have even lost a work-issued device entirely.
Furthermore, 35% say it's not uncommon to take company data with them when they leave a job, even though only 3% of those surveyed admitted to any of these bad security practices with malicious intent.
That means that either people are just clueless (18%), or they just wanted to get their job done quicker (24%).
Either way, the effect is the same. According to these results, company data is screwed.
"Confidential data will be sent, stored and accessed on a daily basis, and employee training alone is not going to keep corporate information secure. It’s imperative that organizations design their security program to implement a combination of solutions that address security awareness, enablement and protection among the workforce. If companies are going to keep their data truly safe amid an ever-evolving threat landscape, they need clear protocols in place that are backed by a realistic understanding of employees’ day-to-day responsibilities, as well as technology that protects sensitive data wherever they go – whether at rest, in motion or in use," the survey concludes.
