Axiad on Monday released a study that found some 52% of tech leaders say their remote employees had found workarounds to their company’s security policies.
The study found employees were most resistant to complying with multi-factor authentication, mobile device management, and password managers, making it difficult for organizations to ensure all their employees are fully and securely authenticated, leaving companies vulnerable to attacks.
This number really highlights the issues the industry faces as we implement new technology for the remote workforce,” said Bassam Al-Khalidi, founder and co-CEO of Axiad. Al-Khalidi said new software, platforms and credentials are often frustrating for employees to manage if they’re not built with users in mind.
“We hear from a lot of enterprises that their employees find workarounds in enrolling to a new platform or technology because they don’t understand how to work a new solution and don’t have time to reach out to IT for help,” said Al-Khalidi. “This creates a major issue for organizations on how to enforce user adoption of new technologies without locking the user out or impacting their business. Security departments need to reconsider the types of technology they’re implementing and the support they offer employees in education.”
Employees often break security policies and controls not because they are trying to be malicious, but because they are simply trying to get their job done more efficiently, said Sounil Yu, chief information security officer at JupiterOne.
“Companies want clever and creative employees, so it’s no surprise that employees find ways to circumvent security controls,” said Yu. “What’s important is that employees share those circumvention methods with the security team, not so that the security team blocks those methods outright, but so that the security team can work to find or build safer, paved paths that enable employees to be even more productive.”