Survey Shows Australian Workers Admitting to Non-Compliance and Security Risks

Employees are exposing Australia’s largest organizations to security threats by saving work documents on unsecured devices or using personal email accounts, a recent Nitro research survey revealed.

The survey of 300 knowledge workers, from entry to senior management level at organizations with 500+ employees, discovered a major disconnect between worker behavior and IT policies while identifying lack of software standardization as a potential driver of non-compliance.

Despite the majority of enterprise businesses mandating which software (88%) and devices (91%) employees can use, the study found that employees continue to create security risks by using personal devices for work (52%), sending work-related documents through personal email accounts (38%), and saving their work communications or files on devices without password protection (10%).

Surprisingly, risky security practices don’t decline further up the organizational ladder. Research revealed that employees ranging from Managers to the C-Suite admitted negligence on par with junior workers.

CIO blind spots leave systems open to ransom

Given the rising numbers of global ransomware outbreaks—including two attacks in two months that affected the Australian offices of Cadbury and DLA Piper—it has never been more important for CIOs and IT managers at large organizations to minimize all potential vulnerabilities.

Nitro APAC Director Adam Nowiski reports, “In a world where data breaches are increasingly commonplace, there remains a disconnect between the security policies at Australia’s largest enterprises and the real-world behaviors of employees. Security remains a top priority for CIOs and IT managers, but it requires a company-wide compliance culture to ensure procedures are followed.”

“Our study revealed software standardization is too often an overlooked tool in the CIO’s kit for plugging potential data leaks and driving top-down culture change to create an environment free of disparate solutions, inefficient processes, and risky employee workarounds.”

Security through digital standardization

Research revealed that mismatched software products and versions cause compliance challenges among a significant portion of employees, including one in four (23%) who resort to using personal devices because they don’t have suitable pre-installed software and 27% who install unsanctioned software themselves.

In addition to creating potential security risks, the lack of standardization within Australian enterprises is also causing productivity bottlenecks across the workforce. Since many employees are unequipped with the software they need to accomplish key tasks like opening, editing, signing, and securing documents, almost one-third (29%) of workers must send files to a limited number of “power users” who have access to the right tools.

“Such an environment of mismatched software and inconsistent product lifecycles makes it nearly impossible for IT managers to protect against security vulnerabilities,” Nowiski said.

“Standardized environments allow IT managers to focus on protecting and optimizing organizations’ IT systems based on uniform versions of solutions. At Nitro we work closely with customers to achieve such environments, providing change management support and creating practical strategies that save time, money, and IT resources.”

By standardizing on Nitro, real estate services giant JLL Australia hasn’t just improved security—the organization is also making great progress on their path to eliminate all non-digital processes by 2020.

Watch this brief video to learn more about the role Nitro is playing in JLL Australia’s digital transformation strategy.

Key Nitro research findings include:

  • Password disconnects: Although 86% of enterprises enforce strong password procedures—such as password complexity, rotation or two-factor authentication—one in 10 workers admit to leaving work communications or files saved on devices without a password.
  • Lack of printing precautions: One in 10 respondents print sensitive work documents without destroying them after use. Despite previous research that revealed one in four data breaches in organizations of 500 or more people involved paper records, Nitro’s study found just 6% of participants believe that printing sensitive documents without destroying them was the most likely data security threat to their organization.
  • Need for top-down compliance: A significant portion of managers, senior managers, and even C-Suite executives admit to working on personal devices (55%), sending work emails and files through personal email accounts (40%), and saving work communications or files on devices without password protection (10%).