Survey Reveals Security Shortcuts Taken by "Privileged Users" During the Holidays

BalaBit Warns Organizations to Protect Against Security Lapses During the Festive Season


NEW YORK, NY--(Marketwired - Dec 10, 2014) - Results from a survey of "privileged users"* conducted by BalaBit (www.balabit.com), an IT security innovator specializing in log management and advanced monitoring technologies, reveal that a combination of irresponsible user behavior and weaknesses in the protection of networks could create more risks for data breaches during the holiday period than at any other time.

With the festive season approaching, most respondents (70%) still expect to use the downtime to connect to the network or check in on emails, with more than a third (39%) logging on to access emails several times a day. However, while the majority of respondents (72%) have used their own, a friend's or a public device to connect to the network during their holiday, 38% of users have not been asked for extra levels of authentication when connecting to the company network from a device that has not been registered.

The survey also reveals that some executives sidestep basic security measures during their time off. One in seven respondents (14%) have shared personal access details -- their user name or password -- with a colleague. Going against best practice on password protection, the same number of respondents have shared their password on the phone so that a colleague could complete an urgent task on their behalf. 

Around a third of all respondents surveyed (35%) also admitted that they have not changed their password immediately after they have given it to someone else. Personal relations appear to play a role in this with a fifth of respondents admitting they had done this, as they trusted that person. 

"With the holiday season approaching, it can be a prime time to catch up on any unfinished tasks and many of us need to check emails when we're out of the office. However this survey highlights some worrying lapses in the protection of personal information during the holidays. While we're relaxing at home, we can sometimes use the easiest route to complete a task, which means that security is compromised. Of course, we need to allow executives to do their job even if they're not in the office, but organizations need to support them to do this in a secure way that protects the integrity of sensitive company data," said Zoltán Györkő, CEO of BalaBit.

BalaBit's Tips to Protect the Network over the Holiday Season
While BYOD can help employees to do their job even if they're not in the office, which can make business processes more effective, IT security teams should support them to do this in a secure way:

  • Establish IT policies to prevent users from sharing account usernames and passwords. Even if a password is changed immediately after it has been shared with any colleague, the security of the corporate network may already have been compromised.
  • In situations where a task needs to be done on behalf of a privileged user during the holiday, be prepared in advance. Give temporary access with the appropriate credentials to a colleague who is the substitute, or use a digital credential store within your network. This solution offers a secure way to store user credentials (for example, passwords, private keys, certificates) to log in to the target server, without the user having access to the credentials, even if the credentials belong to shared accounts (e.g. root).
  • Ensure that your policies support users in doing their job in a secure way, as the time and resources spent on preventing security incidents are far less than those spent on mitigating the risk of business and reputation damages.
  • Enforce secure access (VPN, SSL or bastion mode) and authentication when users access the company network from a device that is not registered.
  • Monitor users' activities in real time and set alerts (or block the session) when suspicious activity is detected in the network. Rather than adding countless control layers, a monitoring-based approach can help to prevent data breaches by identifying unusual user activity.

BalaBit's Shell Control Box, an industry-leading turnkey appliance for monitoring privileged users' activities, can support the above-mentioned recommendations and help organizations to dramatically reduce human risk.

More information is available at: http://www.balabit.com/network-security/scb

About BalaBit
BalaBit -- headquartered in Luxembourg -- is a European IT security innovator, specializing in log management and advanced monitoring technologies. It has sales offices in France, Germany, Hungary, Russia, the United Kingdom and the United States and partners in 40+ countries. Its main development centers are located in Hungary. BalaBit has customers all over the world including 23 Fortune 100 companies.

The company is widely-known for syslog-ng™, its open source log management solution, used by more than a million companies worldwide. This significant user base has provided a solid foundation for the company's expansion which has been fueled by Shell Control Box™, a pioneering development for the rapidly-growing privileged activity monitoring market. For more information, visit www.balabit.com.

Notes for Editors
*Survey conducted with 269 users with high privilege rights, comprising: IT Security consultants, C-level: CEO or CISO or CEO, Operations manager, system administrator and other IT professionals. 

BalaBit™, Shell Control Box™, syslog-ng™ and Contextual Security Intelligence™ are trademarks of BalaBit. All other product names mentioned herein are the trademarks of their respective owners.

Contact Information:

Media Contact:
Dan Chmielewski
Madison Alexander PR
Office +1 714-832-8716
Mobile: +1 949-231-2965
dchm@madisonalexanderpr.com