New Research: Government Workers Lax on Security Risks Posed by New Tech
While more than 1 in 10 government workers have experimented with new tools like generative AI, just half report checking security protocols first
Insights from a new Salesforce survey of over 400 U.S. government employees show that while a majority (77%) agree that keeping data safe is their priority, their actions don’t always follow best practices for cybersecurity. In fact, almost a quarter (22%) of respondents say that security protocols are not strictly enforced and don’t know what to do in the event of a breach.
Cybersecurity in government — the second most cyber-attacked sector last year — has taken center stage recently with the release of the White House’s National Cybersecurity Strategy. Over half (57%) of government employees say their job has become more digitized in the last two years, and over one-third (35%) say their agency receives more security threats now than two years ago. As a result, public agencies have a new edict to more effectively protect the data and privacy of their constituents and employees.
Over half (57%) of government employees say their job has become more digitized in the last two years, and over one-third (35%) say their agency receives more security threats now than two years ago.
“There should be no distinction between doing the job and doing the job securely,” said William MacMillan, SVP of Security, Salesforce. “Employees can be the first line of defense when it comes to data security. This is even more critical as the use of data, automation, and AI grows in the government sector.”
Salesforce’s New Era of Data Stewardship in Government research explores the hurdles these entities face on their quest for security, and reveals a potential area for improvement in adopting best practices among employees and trusted technologies to help ensure compliance.
Government employees assume their technology is secure
As government agencies rely more on technology for their operations and to provide essential services to citizens, organizations are increasingly recognizing the importance of protecting sensitive data by embedding security and compliance measures into their technologies and processes. This is especially true as employees assume the technologies, especially their personal devices and use of the internet at work, are secure:
- Over one-third (34%) of government employees say they personally don’t have to worry about security at work.
- Over half (59%) assume if they can access something on their work device, it must be safe.
- Also, over one-third (34%) don’t consider their connected devices (e.g., mobile phone, laptops) to be a cybersecurity risk.
- Almost half (47%) believe that their personal devices are as secure as their work devices.
Public sector workers may not be as prepared for security risks — especially from new technologies
Most government employees say that their agency provides them with the resources they need to keep data safe:
- For instance, 78% of government employees say their agency has the tools and 76% say they have the training needed to keep data secure.
- They also seem to be confident in their knowledge of how to keep data safe, with 73% saying they are familiar with their agency’s security processes and protocols.
However, these same government employees aren’t always following cybersecurity best practices, and their agencies might not be as protected as they should be — especially as new technologies like generative AI introduce new risks to an organization:
- One in five (20%) government employees have accidentally clicked on a suspicious link at work.
- One in four (25%) use the same passwords for personal and work-related log-ins.
- More than a third (36%) have accessed work documents or systems from their personal device.
- Under half use multi-factor authentication (40%) and VPN for online work (42%) every time.
- More than one-tenth (12%) have already experimented with generative AI, like ChatGPT and DALL-E, for work.
- However, only half (50%) check security protocols before trying a new tool or technology, and just 55% feel their security policies keep up with new tools and technologies.
- In addition, employees who aren’t used to doing as much work online feel less prepared to keep data secure and less likely to follow security protocols. For example, only 33% of somewhat online employees have the training to keep data secure, compared to 50% of those fully online.
“Generating awareness, building employee skills, and fostering a security-first culture are part of the solution. Organizations need to also deliver an infrastructure that protects the entire digital ecosystem,” continued MacMillan. “Implementing requirements like multi-factor authentication (MFA) and a Zero Trust Architecture add additional layers of security to help reduce the chances of sensitive data being compromised or accessed.”
- Read Salesforce’s Connected Government Report on global trends impacting customer and government interactions and the public sector’s approach to digital transformation
- Check out Salesforce’s New Era of Data Stewardship survey results from the healthcare industry
- Review findings from the Generative AI in IT survey, which uncovers opportunities and barriers like security to generative AI adoption
- Learn more about the digital skills gap, including the need for cybersecurity skills, and how companies can narrow it
Data from Salesforce’s New Era in Data Stewardship is based on a survey of 1,230 full-time employees within automotive (400 respondents), government (412 respondents), and healthcare (418 respondents) across the United States. The survey was conducted in partnership with YouGov in March 2023.