Employees Actively Seeking Ways to Bypass Corporate Security Protocols in 95% of Enterprises

in #life, 6 years ago

Who doesn't get frustrated by work policies that prevent us from browsing social media, YouTube, and the like? I mean, it's a work computer, we should all get free rein to do whatever we want just like on our personal computers, right???

Well, unfortunately the reality is that employees are a HUGE risk to the security of organizations. Depending on the organization, this may be weighed differently. For example, a credit card company is obviously at a higher risk than say a graphic design company (no offense graphic designers). One thing that's always true though no matter what company you're a part of -- employees are always the weakest link in any security system.

You can do things to harden your systems and make them a lot more secure; however, as we always hear, you're only as strong as your weakest link. Unfortunately, cybersecurity doesn't directly earn anything for the company. As such, it's sometimes hard to justify spending money (typically lots) on protecting your network and data.

Well, just like how hackers always find ways to bypass current controls to execute attacks, there are always employees looking at how they can bypass their company's controls without realizing the potential damage they might inflict. For example, access to personal e-mail accounts like Yahoo carries the risk (although pretty small) of an employee visiting a malicious link or even potentially installing a backdoor. As we saw last year with WannaCry, this can potentially be extremely disastrous.

So what are people doing? There are many things employees are doing to thwart company defenses. One of these is installing a VPN and/or using Tor browsers. Using the former obviously encrypts the session and traffic so it can't be monitored and/or blocked. Ultimately the company just lets the traffic flow like normal. Another threat to companies from services like these is that they prevent the company's cyber and IT departments from seeing who's conducting such activity.

Increased use of cloud services puts data at risk! Since most cloud migrations and cloud usage are still relatively new, this has been a striking point for many attacks.

64 percent of enterprises assessed found corporate information on the web that was publicly accessible, due in part to the increase in cloud applications and services.

To make matters worse, 87 percent of employees were using personal, web-based email on company devices. By completely removing data and activity from the control of corporate security teams, insiders are giving attackers direct access to corporate assets.

So what else drives risk? -- inappropriate usage that violates acceptable use policies. 59 percent of organizations analyzed experienced instances of employees accessing pornographic websites during the work day. Now, I think this is a weird number, because what are they actually calling "porn"? Is an e-mail greeting card with a woman in a bikini considered porn? Or are they only limiting this to actual penetrative intercourse?

43 percent had users who were engaged in online gambling activities over corporate networks, which included playing the lottery and using Bitcoin to bet on sporting events. I will admit I actually am guilty of having done this in the past. I mean, online poker used to be huge -- how could I not be tempted to play? Good thing I got off that boat and can behave now, haha.

In closing, always make sure to follow your company's acceptable use policies and don't try to circumvent any of their defenses. There's a LOT of money and jobs riding on having employees be smart with their computer usage. As we've seen with many companies who get breached or experience malicious hacks, there's a LOT to lose from negligence in the cyber department. Stay safe!!

Some great information here. Cyber security is such a huge issue right now. Great info

Thanks! Yeah, the people are only going to keep being a bigger part of the attacks. Even doing cyber stuff myself, it's always easiest to get people to let you in.

very good job I liked a lot...

thanks.