Fall World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 30, Issue 2

Full Contents Now Available!

Friday, 21 April 2017 14:04

BCI: Employees too willing to share sensitive information

The Business Continuity Institute

Not only are many employees likely to share confidential information, but they are doing so without proper data security protocols in place or in mind, according to a new study by Dell. Today's workforce is caught between two imperatives: be productive and efficient on the job, and maintain the security of the organization's data. To address data security issues, organizations must focus on educating employees and enforcing policies and procedures that secure data wherever they go, without hindering productivity.

The Dell End-User Security Survey indicates that among the people who work with confidential information on a regular basis, there is a lack of understanding in the workplace regarding how confidential data should be shared and data security policies. This lack of clarity and confusion is not without merit, there are many circumstances under which it makes sense to share confidential information in order to push business initiatives forward.

Three in four employees say they would share sensitive, confidential or regulated company information under certain circumstances for a wide range of reasons,with nearly half (43%) saying they would do so when directed by management. Four-fifths of employees in financial services (81%) would share confidential information, and employees in education (75%), healthcare (68%) and federal government (68%) are also open to disclosing confidential or regulated data at alarmingly high rates.

"When security becomes a case-by-case judgement call being made by the individual employee, there is no consistency or efficacy," said Brett Hansen, vice president of Endpoint Data Security and Management at Dell. "These findings suggest employees need to be better educated about data security best practices, and companies must put procedures in place that focus first and foremost on securing data while maintaining productivity."

The survey finds that when employees handle confidential data, they often do so insecurely by accessing, sharing and storing the data in unsafe ways. A quarter of respondents (24%) indicated they do so to get their job done and one-fifth (18%) say they did not know they were doing something unsafe. Only 3% of respondents said they had malicious intentions when conducting unsafe behaviours.

Further findings of the report include:

  • 45% of employees admit to engaging in unsafe behaviours throughout the work day
  • These behaviours include connecting to public wifi to access confidential information (46%), using personal email accounts for work (49%), or losing a organization-issued device (17%)
  • One in three employees (35%) say it is common to take corporate information with them when leaving a company
  • Employees take on unnecessary risk when storing and sharing their work, with 56% using public cloud services such as Dropbox, Google Drive, iCloud and others to share or back-up their work
  • 45% of employees will use email to share confidential files with third-party vendors or consultants

These findings help reinforce the theme for Business Continuity Awareness Week which highlights that cyber security is everyone's responsibility, and with a little more awareness on the right policies and procedures, we can all play a part in building a resilient organization.

The survey findings indicate that employees struggle with cyber security in the workplace because they do not want to see their organization suffer a data breach, but they also struggle with the limitations security programmes can put on their day-to-day activities and productivity.

"While every company has different security needs, this survey shows how important it is that all companies make an effort to better understand daily tasks and scenarios in which employees may share data in an unsafe way," says Hansen. "Creating simple, clear policies that address these common scenarios in addition to deploying endpoint and data security solutions is vital in order to achieve that balance between protecting your data and empowering employees to be productive."