"Who watches the watchers?" quipped Juvenal, a Roman poet about 2,000 years ago. Not much has changed since then. When it comes to security practices, a recent study found that IT personnel — the people who are tasked with keeping a company technologically safe — are often the biggest offenders when it comes to incredibly unsafe practices.
Intermedia, a company that works with cloud and security services for businesses, conducted a study to determine how safe the average company was, and the results weren't terribly encouraging. Of more than 2,000 workers surveyed in the United Kingdom and the United States, Intermedia determined that 97 percent had access to some kind of confidential company information, and 93 percent took part in at least one bad security practice. With numbers that high, the overlap between the two categories is bound to be substantial.
The most interesting result, by far, was that IT workers tend to be the biggest potential points of failure. Twenty-eight percent of IT staff surveyed had accessed systems belonging to former employers after leaving the company. Sixty-five percent shared logins with multiple users, and 40 percent thought it was OK for users to install apps without first consulting IT. Compare this to the overall respondents: 13 percent, 46 percent and 27 percent, respectively.
Somewhat surprisingly, tech companies overall had much worse security practices than the general populace. Forty-five percent of tech industry employees would install apps without consulting IT, 67 percent shared logins and 57 percent would access an old company's information after leaving a job. The results across multiple industries were 23 percent, 49 percent and 33 percent respectively.
This supposed paradox is not terribly hard to explain. IT professionals and tech industry employees alike have (or think they have) much better knowledge of how a computer works than the average user. As such, they see consulting higher-ups before installing a harmless app like Spotify or CCleaner or Firefox as a waste of time. Even if there's some kind of block, they often have the know-how to get around it, and doing so is still faster than consulting management.
Naturally, Millennials were less timid about installing new apps (41 percent), using personal cloud storage for private files (28 percent) and taking data from companies for personal use (23 percent) than either Baby Boomers (10, 13 and 5 percent, respectively) or Gen Xers (16, 24 and 12 percent, respectively). This isn't necessarily a bad thing — Martin Dunsby, the CEO of cloud storage company Hybridge, Inc., pointed out that this is because Millennials often know more about the software they're installing than the IT people charged with overseeing it.
After the study, Intermedia surveyed a number of other cloud storage and security companies, and the responses were almost unanimous: Educate users about security risks, but also empower them to make their own decisions. Clamping down on security protocols, they argued, was regressive and unrealistic.
Keep in mind, too, that "unsafe security practices" don't necessarily translate to increased security issues. If people know exactly what they're doing, the practices described above could be harmless — but again, when dealing with more than 2,000 people, that's a pretty big "if." In the meantime, try not to overestimate your security prowess, especially if you work in IT.