There are four main ways employees approach cybersecurity. Here’s what you can expect from each approach.
Dubbed the Work From Home Era, this past year has called on companies to completely rethink cybersecurity policies. The transition from office to home has brought with it many variables—employees work on unsecure WiFi connections and use personal and company devices to get work done—creating new security vulnerabilities. Of course, there are many steps companies can take to mitigate those risks, like securing every device an employee might use, and implementing new tools like IAM and password managers. At the end of the day, though, the success of any security measure comes down to security culture: Are employees invested in protecting company data, and do they have the right tools at their disposal (and an understanding of those tools) to do so?
Recently, Dashlane surveyed 1,000 U.S. employees at data-driven companies to ask where they currently stand when it comes to cybersecurity, tech, and online behavior. We discovered there are four main approaches employees take when it comes to cybersecurity at work. Meeting employees where they are, especially during the transition to more permanent work-from-home solutions, can help you work with them to overcome any barriers to securing company data.
Think of it as the Myers-Briggs of security—there are four main types of security personalities, each with its own benefits and challenges, plus combinations of different personalities where they overlap. The four personalities are:
Desensitized
Out of Touch
On Top of It
Above It All
Each of these personality types has distinct traits and attitudes toward technology—and each of them could present different barriers to creating a more secure culture in the workplace.
Representing the largest group of those surveyed, these employees experience the most difficulty when it comes to security, but are the least concerned. While they live mostly online, they don’t often think about technology or consider things like password management or security.
What it means for your security culture
Desensitized employees are not only forgetful but also can get easily frustrated when trying to get work done online. They feel overwhelmed by keeping track of all their online account information logins and spend too much time trying to access their accounts.
The workaround
For the Desensitized, reusing passwords or using weak passwords may feel like the easiest solution. They want to get things done quickly, and that means shortcuts. To encourage them to adopt good cybersecurity habits, you’ll need to provide tools like a password manager that simplify how they’re accessing things on the internet without adding more frustration.
This group doesn’t live online as much as the others, so they care less about the digital world. Less tech savvy, they prefer doing things in person or manually.
What it means for your security culture
Out of Touch employees don’t frequently share their passwords with anyone. They’re most likely to write down their passwords on paper and least likely to lock their devices with a passcode.
The workaround
To encourage change, start with a basic employee education program, then use security technologies that have a very small learning curve and require minimal user interaction. A seamless onboarding experience is essential for this group. Consider cybersecurity tools that have video tutorials and guides that can help with adoption and use.
These employees are more intentional and proactive about taking concrete steps to improve and elevate their personal and professional lives. They prefer to do everything online and strive for efficiency where possible.
What it means for your security culture
Employees who are On Top of It are more likely to own multiple devices. While they’re the group with the highest ownership of password managers, they also frequently use less secure methods—anything that means they don’t have to remember their password. This includes reusing passwords for multiple accounts and storing them in their browser.
The workaround
Lack of awareness is not a big barrier for this group. But since these employees are looking for efficiency, it won’t be easy to change their habits if you’re asking them to take an extra step. To boost security culture, you’ll need to provide cybersecurity tools that offer a seamless user experience with zero impact on their productivity and speed.
With a higher tolerance for frustration, this group is most likely to be among the earliest adopters of a digital life. They’re proud of their ability to manage technical challenges. They’re also the least overwhelmed by keeping track of online accounts and the least likely to have experienced fraud or a personal data leak.
What it means for your security culture
This group actively takes steps to reduce stress in their daily lives. They’re proud of their ability to remember things, and they don’t waste much time accessing their online accounts. But while this cohort seems to have it all under control, they also have slightly lower use of password managers.
The workaround
If the user experience for your security solutions seems too stressful to this group, you’ll have a tough sell. Because they’re tech-savvy, you may risk them turning to their own preferred tools. Consider cybersecurity tools that offer personal benefits or separate work and personal spaces they can toggle between as they maintain fluid boundaries between work and home life. And since these employees are the most likely to carefully read instructions for new services and products, make sure you’re providing them plenty of resources to learn about the security solutions you’re implementing.
Of course, not every employee is going to fit into one category; some have tendencies that align with more than one of the above-mentioned groups, and that can change as they grow within the company.
The solution? Implement a comprehensive, ongoing security awareness campaign that provides continuous education about threats and your employees’ role in maintaining a strong security culture. This keeps security on their minds and avoids complacency, even as they become savvier and improve habits.
COVID-19 gave us a sneak peek at the advantages and disadvantages of remote work. It was also a preview of new security risks, giving businesses an opportunity to better understand and prepare for the future of the workplace.
One of the many lessons we learned during the pandemic is that mandating new policies is not enough—people need tools to help them change behaviors. We may not know if hand sanitizers are going to be permanent on the office supply list, but we do know that businesses are reprioritizing cybersecurity budgets and focusing on IAM solutions. Implementing new security measures now means your company will be prepared for workplace shifts in the future.
Inspired by the breakdown above? Start practically implementing better cybersecurity no matter where your employees are with password management. Learn more in our latest guide.
For more information on Dashlane plans for business, sign up for a free trial or visit dashlane.com/business.
Sign up to receive news and updates about Dashlane
Thanks! You're subscribed. Be on the lookout for updates straight to your inbox.
