Here at Citrix, we often use independent surveys to help validate our strategic thinking. Recently, we engaged with Wakefield Research to help us take a look at a trend that we feel is as much about an organization’s people–and how educated they are about their role in how to protect both their company and personal information–as the application of any security technology itself.

To set the scene; we are constantly hearing from our customers a common statement around “the need to mobilize my business.” Yet at the same time, we are also hearing–and not just from the CIO, but from the CEO or CFO–that there is a growing concern around how to balance the risks of a mobile business with the need for their organizations to remain secure and compliant in an increasingly volatile and hyper-connected world.

There is hardly a day that goes by where we don’t read about or hear of a new security-related incident such as a breach, advanced persistent threat or a denial of service (DDoS) attack. As this threat landscape has evolved, we see these attacks becoming more targeted, more complex and their adverse effects more visible, often making the front pages of newspapers and some even making it onto international television, such is their audacity and impact.

From the theft of personal information and credit card numbers to state-sponsored industrial cyber-espionage, organizations face a very real “going out of business” proposition if they choose to ignore the continued threat to the confidentiality, integrity and availability of their data and systems. With this visibility has come a new focus from business leaders, concerned about protecting their business assets and intellectual property at all costs.

But how savvy is the everyday employee when it comes to understanding their role in protecting their own or their organization’s information?

Let’s highlight some key findings from our recent research:

  • 70% have not installed security software on their smartphone or tablet.
  • 62% have not strengthened their Wi-Fi password.
  • 51% have not begun to change their passwords more frequently.
  • 88% of employed Americans do not use work devices with trusted company security software, and 93% of Americans don’t keep personal files on the cloud.
  • 38% have a “private folder” on their computer or mobile device that they wouldn’t want anyone else to see. And over half of Millennials (57%) have one.
  • Some Americans like to keep all their secure information in one place, too. 22% have a file on their computer or mobile device that contains all their passwords.

There’s good news and there’s bad news in our research.

It shows that consumers and employees are generally aware of, and worried about information security, but don’t know what to do to protect themselves, and may not even realize they’re putting their data at risk by not taking even the most basic of extra steps to secure their devices and data.

To address this education gap, many organizations are now actively creating and rolling out in-depth information security education programs that cover everything from anti-phishing drills to best practices for encryption, and are intended to form an integral part of a revised “defense-in-depth” strategy alongside new technologies and revised process and policy.

Of course, these education programs are a giant step in the right direction, yet with a growing number of personal smartphones, mobile devices and home computers being used to blur the lines on how and where employees actually perform their work, can organizations move fast enough when it comes to ensuring employees understand the role they play in sustaining a bulletproof security posture?

At Citrix, although we’re not a security company, we realize that we have a key part to play in helping organizations achieve their next generation information security postures.

Our products are built on a secured foundation, based on strong architectural principles supporting confidentiality, integrity and availability.

Our products and services embed core technical functionality that enables the implementation of multi-industry use cases specific to security, privacy, compliance and safety.

We wrap all of this into our “Protect What Matters” philosophy – helping organizations blend the right combination of technology, education and best practice as part of an enterprise security defense-in-depth strategy to provide a superior user experience that is fit for purpose and delivers tangible business value without being intrusive or cumbersome to organization’s employees.

To complement the results of this latest research, we will be issuing some further material over the coming weeks and months that will provide additional information and guidance on how to get the best out of your Citrix investments from a security perspective. Look out for it very soon.

I would love to hear your thoughts on what you would like to see.