Security measures reduce productivity. This is how it is considered by 34% of Spanish workers, who affirm that their company’s cybersecurity strategy offers a poor user experience in terms of complexity and time consumption.
Those consulted in Spain complain of spending an average of 15 minutes a day to comply with the imposed measures, such as inserting passwords, authenticating through codes or using password managers (one minute more than the average in EMEAR).
These are some of the main conclusions of a new Cisco study carried out in five EMEAR countries, including Spain. According to the report, cybersecurity is still far from being a priority for Spanish workers. Eight out of ten consulted in Spain admit to ‘skipping’ the security controls of their company more or less frequently in order to fulfill their tasks, an act that is repeated on average 14 times a month.
Lack of trust
Workers in multiple sectors and in Spanish companies of all sizes (from 1 to more than 500 employees) do not trust corporate protection solutions, and this lack of trust is increasing with widespread teleworking due to the pandemic.
· 30% of Spanish employees consider that their company does not take cybersecurity seriously enough.
· A quarter of those surveyed do not trust their organization to keep them safe, and 35% say that this situation has worsened since the introduction of hybrid work.
· Nearly three in ten (28%) also do not trust their company to respect the protection of their personal data once they leave the company.
Bad habits
Although 66% of those consulted in Spain consider it easy to carry out their work safely, the remaining 34% believe that the experience with the security measures adopted is complex (15%), that it hinders their tasks (10%) or that it is unnecessary as it involves a waste of time (9%).
Users who do not trust their company’s cybersecurity strategy look for their own alternative solutions, thus contributing to an increase in bad practices such as installing unauthorized software or typing in their passwords.
· Nearly one in five Spanish employees (17%) choose to use the same password for multiple accounts and applications, while 16% write them down on paper, putting their company’s network and devices at risk.
· Only 18% say they use a secure password manager for their applications and online services, and only 12% rely on authentication without passwords (such as fingerprint or facial recognition on the smartphone).
Solutions used
Regarding the access protection solutions used by companies, the VPN is the most widespread option (53%), followed by multi-factor authentication (41%) and internal resources to detect phishing attempts and other incidents (43%). ). Interestingly, only four out of ten workers consulted in Spain (39%) state that their organization offers Single Sign On mechanisms (a single password to access all corporate applications and data).
However, although Spanish workers are reluctant to remember passwords, the vast majority are willing to log in using fingerprint (75%) or facial (51%) recognition, reflecting the growing choice of biometric authentication methods.
“With the rise of hybrid working, employees are increasingly operating from uncontrolled environments, using public and private networks and multiple devices”highlights Ángel Ortiz, Director of Cyber-Security at Cisco Spain. “To ensure protection, companies must focus on both worker awareness and choosing security technologies that are integrated and offer a simple user experience that does not affect performance or productivity”.
Cisco Recommendations
For organizations to optimize hybrid worker protection, Cisco recommends:
· Train staff and foster a culture of cybersecurity.
· Implement multi-factor authentication (MFA) as a fundamental step towards Zero Trust.
· Consider a Secure Access Service Edge (SASE) approach to protect access to applications and maintain the security of the environment wherever users are located.
· Shield email from advanced threats (moving email to the cloud provides convenience and scalability, but also comes with increased malware risk).
· Maintain a first and last line of defense with DNS and endpoint security.
diarioti.com
Eddie is an Australian news reporter with over 9 years in the industry and has published on Forbes and tech crunch.