15% of office workers use unsanctioned GenAI tools

Rigid security protocols — such as complex authentication processes and highly restrictive access controls — can frustrate employees, slow productivity and lead to unsafe workarounds, according to Ivanti.

Understanding workplace behavior key to strengthening security

In fact, one in two office workers admit to using personal devices to log into work networks, with 32% of them revealing their employers are unaware of this practice. Yet, just 13% of security professionals say user experience (UX) for end users is a mission-critical priority when adopting cybersecurity tech interventions. By focusing on UX in security measures, organizations can minimize the likelihood of employees bypassing established protocols and resorting to unsafe workarounds.

“Although harmless in the moment, employees typically opt for convenience and put security on the back burner,” said Mike Riemer, Field CISO, Ivanti. “Companies should take steps to understand their employees’ workplace behaviors and adopt security measures that reduce the temptation for employees to sidestep protocols and use unsafe workarounds. Strong security shouldn’t come at the cost of user experience, as it is integral to maintaining both security and productivity.”

When employees have unfettered access to GenAI tools and other advanced technologies, it can introduce challenges with data privacy, compliance, cyber risks, and copyrighted materials. Ivanti’s research shows that 81% of office workers report they have not been trained on GenAI and 15% are using unsanctioned tools. 32% of security and IT professionals have no documented strategy in place to address GenAI risks.

Unapproved GenAI tools — just like any other shadow IT — introduce risk by expanding the organization’s attack surface without any oversight from security, potentially introducing unknown vulnerabilities that compromise an organization’s security posture.

Employees may inadvertently enter sensitive company or customer data into GenAI tools. When these data are stored or processed on external servers, they are outside the organization’s control, and vulnerable to breaches and violations of privacy laws (e.g., GDPR, HIPAA).

Executive leaders believe office presence boosts productivity

60% of executive leaders in 2024 believe employees need to be in the office to be productive, compared to 44% last year. Even if employers are pressuring employees back to the office, it does not mean remote working is no longer a priority or concern.

Whether half of employees work remotely or just a small fraction do, there is still a profound need to ensure that the company supports all the ways employees work. Only 62% use a VPN or a zero-trust access solution to restrict network access and protect sensitive information, and only 57% use multi-factor authentication.

DEX-informed security minimizes the need for employees to change their typical work behaviors. Yet, despite the significant contributions DEX tools can make to security, only 38% of companies consult the CISO for input on digital employee experience (DEX) strategy, investments, and planning.

Currently, most security professionals (89%) say they have invested in the right security-related UEM tools to automate security practices. What’s needed in addition to tools may be a mindset shift.