- 80% of workers use their own devices to access workplace applications
- Two-thirds break policies by forwarding emails and using personal hotspots
- CyberArk is calling for the implementation and enforcement of AI policies
According to cybersecurity firm CyberArk, Britain’s workers are exposing their employers to security risks by not following simple principles that could prevent many breaches.
The study found that four in five employees use personal devices to access workplace applications, which it blames on the rise of hybrid work.
This is especially problematic for companies because, although their systems may have strong protection, personal accounts tend to have weaker security and can often act as an entry for attackers.
Workers are exposing their companies to cyberattacks
Apart from accessing workplace applications on their own devices, two in five (39%) employees admitted to downloading customer information on their own devices, and nearly a third say they have the ability to approve significant financial transactions.
Nearly two-thirds (65%) of workers also confess to ‘only sometimes’ or ‘never’ following their organization’s cybersecurity policies by forwarding work emails to personal accounts and using their own devices as Wi-Fi hotspots.
Additionally, two in five (42%) workers say that they either ‘only sometimes’ or ‘never’ following information handling guidelines when it comes to using AI tools at work.
Besides taking a more proactive approach to protecting sensitive and confidential data, workers should also consider using strong passwords. Nearly half (49%) admit to reusing passwords across multiple work applications, with more than a third (36%) using the same passwords for personal and work accounts.
CyberArk CEO Matt Cohen said: “These findings show that high-risk access is scattered throughout every job role and bad behaviors abound, creating serious security issues for organisations and highlighting the pressing need to reimagine workforce identity security by securing every user with the right level of privilege controls.”
Looking ahead, CyberArk’s report calls for enhanced employee education and training initiatives, and clearer and enforced guidelines for the use of artificial intelligence.