Four in 10 employees unaware of company security policies

Four in 10 New Zealand employees surveyed are unaware of company security policies

New Zealand Organisations Say Mobile Security is Top Priority but Are Not Using Advanced Measures to Secure Mobile Devices and Apps, Unisys Research Finds

The 2012 New Zealand “Consumerisation of IT” research into enterprise mobility, commissioned by Unisys and conducted by Forrester Consulting1, reveals that while most Kiwi organisations are implementing some security measures related to smartphones and tablets in the workplace, many are not enforcing them consistently, even as they report that security is their top concern related to mobile devices.

The vast majority (80 percent) of New Zealand organisations surveyed reported that security continues to be of great concern when allowing employees to access business data via a smartphone or tablet in the workplace. This rate is much higher than the global average of 56 percent of organisations.

For example, 73 percent of surveyed New Zealand organisations cite implementing or improving mobile security as being a top priority in the next year. The majority of respondents – 67 percent – say that their focus will be on deploying password-based authentication for mobile users.

However, fewer are considering more sophisticated security measures: Only 37 percent are considering token-based authentication, and 10 percent are considering biometric-based authentication. Interestingly, New Zealand organisations are more likely than the global average (22 percent) to consider token-based authentication, but less likely than the global average (19 percent) to consider biometrics.

“Most organisations are relying on passwords, a relatively primitive solution, to secure their mobile devices and applications,” said John Kendall, Security Program Director, Unisys Asia Pacific. “A truly effective security approach requires a combination of strong policy and technology as well as the means to enforce both.

“The risk of a data breach via compromised passwords is higher in a mobile environment because mobile devices can be easily lost or stolen. Unisys recommends that organisations consider multifactor authentication, where the employee is identified not only by ‘what they know’ (a PIN or password) but also by ‘who they are’ (a biometric such as a fingerprint or face scan) to protect sensitive assets,” Mr Kendall said.

Security policies are only effective if employees adhere to them. The research found that almost 90 percent of New Zealand organisations have security policies in place, yet nearly half of them admit that they lack the tools to implement or enforce security policies.

At the same time, 59 percent of surveyed employees say they are aware of their company’s security policy, leaving 41 percent who are not. Those uninformed workers could unintentionally breach company security policies. In addition, 6 percent of Kiwi employees say they sometimes ignore or work around their company’s security policies.

The research also exposes a potential security risk in the recent phenomenon of employees using BYO apps: almost a quarter (24 percent) of New Zealand employees admit they have downloaded unauthorised mobile apps or PC software for work. Employees surveyed in Australia, on the other hand, are almost twice as likely to do that (42 percent).

“BYO apps bring a two-fold security risk, sometimes easily downloadable apps can be malicious vehicles for network breaches and data theft. To avoid negative consequences of employees’ using unauthorised software, organisations can create a company ‘app store’ that contains approved, secure software – either developed internally or purchased from a third party – to safely provide employees with the capabilities they need to do their work productively,” Mr Kendall said.

Mr Kendall also suggested that rather than rely solely on controlling access to data, organisations should consider securing the data itself via encryption. “That way even if the wrong people gain access to where the data resides, they still can’t read the data,” he said.

“The good news is that today’s mobile world is necessitating – and enabling – sophisticated new approaches to security. For example, attribute-based access control is an emerging technology that grants access based not only on the nature of the data and the individual requesting access. It also factors in the location from which access is being requested and the method used to authenticate identity – for example, requiring a fingerprint rather than a password for access to more sensitive information.

“Attribute-based access control also identifies anything about the access request outside the employee’s normal pattern, such as attempts to access information they don’t normally access or at hours outside their normal work schedule. Such approaches help stop data breaches before they happen by automatically enforcing appropriate security measures,” Mr Kendall explained.

About the Research
1Unisys commissioned Forrester Consulting to conduct the two global surveys in June 2012. They first polled 2609 employees/information workers (iWorkers) to evaluate the state of mobile and personal device use and application use in the workplace. The second, separate study surveyed 590 business and IT decision makers from organisations of more than 500 employees with responsibility for purchasing computing devices or applications to support their enterprise. Respondents in both surveys were randomly recruited and screened from international panels, and came from nine countries: United States, Australia, Belgium, Brazil, France, Germany, The Netherlands, New Zealand and United Kingdom.

In New Zealand, there were 187 iWorker respondents and 30 IT and business respondents. Ninety-seven percent of the New Zealand organisations that responded in the IT and business decision maker survey have more than 1,000 employees. For complete details, including country reports and global findings, visit Unisys’ Consumerisation of IT site: http://www.unisys.com/unisys/ri/topic/researchtopicdetail.jsp?id=700004

About Unisys Asia Pacific
In Asia Pacific, Unisys delivers services and solutions through subsidiaries in Australia, New Zealand, China, Hong Kong, India, Malaysia, The Philippines, Singapore, and Taiwan and through distributors or resellers in other countries in the region. For more information visit www.unisys.co.nz. Follow us on www.twitter.com/UnisysAPAC.

About Unisys
Unisys is a worldwide information technology company. We provide a portfolio of IT services, software, and technology that solves critical problems for clients. We specialise in helping clients secure their operations, increase the efficiency and utilisation of their data centres, enhance support to their end users and constituents, and modernise their enterprise applications. To provide these services and solutions, we bring together offerings and capabilities in outsourcing services, systems integration and consulting services, infrastructure services, maintenance services, and high-end server technology. With approximately 22,500 employees, Unisys serves commercial organisations and government agencies throughout the world. For more information, visit www.unisys.com.

####

Unisys is a registered trademark of Unisys Corporation. All other brands and products referenced herein are acknowledged to be trademarks or registered trademarks of their respective holders.

© Scoop Media