SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Employees fail to update devices, security vulnerabilities increase
Thu, 17th Jun 2021

IT departments aren't pushing employees to complete updates, despite the negative impact this can have on security.

This is according to a new study commissioned by Kaspersky that looked at workers' attitudes and habits towards updates.

The study finds that 23% of employees have previously had a dispute with IT staff about the importance or frequency of updating their work devices.

Surprisingly, IT teams tend to agree with such demands, letting two-thirds (64%) of staff skip updates for certain software or operating systems altogether.

According to Kaspersky, updates not only bring new functionality and fix bugs, but also address security vulnerabilities. Furthermore, once a security update is released, malefactors know about these issues. This is why patch management is essential for corporate security.

However, the study shows that some staff members are reluctant to update their work devices, meaning that there are vulnerable computers, laptops and smartphones in the corporate network.

These disagreements bring about the desired results for employees, to the organisation's detriment.

Respondents who argued with IT about updates were asked two questions: whether they were allowed to skip updates (64% said they were), and whether they were allowed to choose what to update (the same 64% chose this option).

Employees may request these options because they are afraid that the time spent updating may affect their productivity, the study shows.

However, more than half of respondents are actually distracted from work because of updates: 43% take a break from what they were doing and 8% just wait patiently at their desk.

Difficulties don't end at the installation stage, as 36% of employees agree that learning new versions of software is a waste of time that could be spent doing their job.

The study also found that, overall, 44% of respondents are less concerned about updating their work devices than their personal ones, suggesting that they treat keeping work devices up to date as an insignificant consideration.

Kaspersky Security Awareness Trainings head of business development Elena Molchanova says, "We recommend employees regularly update their devices - it will not only keep them protected, but each update takes just a few minutes.

"This short downtime can be used to recharge body and mind without any harm to business processes."

To help IT staff encourage employees to install updates regularly, Kaspersky recommends the following:

  • Preparing instructions or video lessons on how to use the updated software
  • Providing contact details for people employees can reach out to in case of any issues
  • Informing staff about the importance of timely updates and what can go wrong with their data and the company's assets if cybercriminals exploit unpatched security issues
  • Warning employees that if they put off updates for a long time, their devices can install them automatically and restart when they are busy with urgent tasks
  • Implementing a security awareness course that covers this topic