15% of Office Employees Utilize Unapproved GenAI Tools

Published:

Balancing Security and Productivity: The Challenge of Rigid Protocols in the Workplace

In today’s fast-paced digital landscape, organizations face a dual challenge: ensuring robust cybersecurity while maintaining employee productivity. Rigid security protocols—such as complex authentication processes and highly restrictive access controls—can frustrate employees, slow productivity, and inadvertently lead to unsafe workarounds. According to Ivanti, understanding workplace behavior is crucial for strengthening security without compromising user experience.

The Frustration of Rigid Security Protocols

As organizations strive to protect sensitive data and maintain compliance, they often implement stringent security measures. However, these measures can create a paradox. A staggering one in two office workers admit to using personal devices to log into work networks, with 32% of them revealing that their employers are unaware of this practice. This behavior highlights a significant gap between security protocols and employee practices.

Despite the importance of security, only 13% of security professionals consider user experience (UX) for end users a mission-critical priority when adopting cybersecurity technologies. This oversight can lead to employees bypassing established protocols, opting for convenience over security. Mike Riemer, Field CISO at Ivanti, emphasizes that “strong security shouldn’t come at the cost of user experience,” suggesting that organizations must find a balance that fosters both security and productivity.

The Risks of Unapproved Tools

The rise of advanced technologies, particularly Generative AI (GenAI) tools, introduces new challenges for organizations. Ivanti’s research indicates that 81% of office workers have not received training on GenAI, and 15% are using unsanctioned tools. This lack of oversight can expand an organization’s attack surface, introducing vulnerabilities that compromise security.

Unapproved GenAI tools, much like any form of shadow IT, pose significant risks. Employees may inadvertently input sensitive company or customer data into these tools, which are often processed on external servers. This practice raises concerns about data breaches and violations of privacy laws, such as GDPR and HIPAA. Organizations must be proactive in addressing these risks by implementing clear policies and training programs that educate employees about the potential dangers of using unapproved technologies.

The Shift in Workplace Dynamics

As organizations navigate the complexities of remote and hybrid work, executive leaders are increasingly advocating for in-office presence. In 2024, 60% of executives believe that employees need to be in the office to be productive, a notable increase from 44% the previous year. However, this push for in-office work does not diminish the importance of supporting remote work arrangements.

Regardless of the work model, organizations must ensure that they provide the necessary tools and resources to support all employees. Currently, only 62% of organizations utilize a VPN or zero-trust access solution to restrict network access and protect sensitive information. Furthermore, only 57% employ multi-factor authentication (MFA), which is essential for safeguarding against unauthorized access.

The Importance of Digital Employee Experience (DEX)

Digital Employee Experience (DEX) tools play a crucial role in minimizing the need for employees to alter their typical work behaviors. Despite the significant contributions DEX tools can make to security, only 38% of companies consult their Chief Information Security Officer (CISO) when developing DEX strategies. This disconnect can hinder the effectiveness of security measures and lead to increased frustration among employees.

While 89% of security professionals report having invested in the right security-related Unified Endpoint Management (UEM) tools to automate security practices, there is a pressing need for a mindset shift. Organizations must prioritize the integration of security measures with employee workflows, ensuring that security protocols enhance rather than hinder productivity.

Conclusion: A Call for Balance

The challenge of balancing security and productivity in the workplace is multifaceted. Organizations must recognize that rigid security protocols can lead to frustration and unsafe workarounds among employees. By understanding workplace behavior and prioritizing user experience, companies can implement security measures that protect sensitive data without compromising productivity.

As the landscape of work continues to evolve, organizations must remain vigilant in addressing the risks associated with unapproved tools and technologies. By fostering a culture of security awareness and collaboration, businesses can create an environment where employees feel empowered to work securely and efficiently, ultimately strengthening their overall security posture.

Related articles

Recent articles