leowolfert - Fotolia

UK firms need to address risky user habits

McAfee calls for companies to ramp up their security culture and improve the integration of technical security controls to minimise exposure from workers

Nearly half (45%) of UK residents polled by security firm McAfee either do not check the security of their internet connection or are willing to connect to an unsecured network while travelling, a survey shows.

That is despite the fact that more than one-third (38%) consider their personal information to be less secure when travelling compared with when they are at home, according to McAfee’s research.

With 43% of respondents spending more than an hour a day on connected devices during trips away, the survey report said it is particularly concerning to discover that network security is not being prioritised.

According to the survey, individuals are even using devices for data-sensitive activity such as checking and sending emails (56%) and managing money through a banking app (32%).

Also, almost one-third (29%) admit to using work devices while on holiday, and 15% cannot resist looking at their work email, despite work devices being connected to personal and private data through corporate cloud, email and productivity services.

The vast majority of respondents admitted they use work devices to connect to public Wi-Fi in airports (62%) and hotels (49%), potentially putting sensitive business information at risk.

“Businesses are working hard to enable staff to work collaboratively and flexibly through productivity tools and apps based in the cloud,” said Raj Samani, chief scientist and McAfee fellow. “And while it is their responsibility to ensure the appropriate security is in place, no matter where their employees are in the world, cyber security threats exist and proactive steps must be taken by those using work devices abroad to minimise the risk.”

Read more about security culture

Organisations should recognise that this potentially risky behaviour occurs, said Samani, and in response ensure that the right security systems are in place to monitor data and flag any potential breaches.

“Many companies have too many IT security tools operating in silos and failing to communicate with each other – making it much harder to realise when systems have been subject to a breach,” he said.

In addition to repeated cyber security training for staff to increase awareness of potential cyber risks, Samani said IT teams should focus on building proactive, platform-based and integrated cyber security systems.

Using this approach, he said, security professionals can ensure that tools can communicate to identify weak spots, reduce the risk of data breaches and support the drive for a true culture of security in the enterprise – “no matter where employees are using their work devices”, he said.

Read more about security integration

Read more on Hackers and cybercrime prevention

Data Center
Data Management