Almost three in four employees are willing to share sensitive, confidential or regulated company information under certain circumstances. A third said it’s common to take confidential data when leaving a company.
Those are a couple of the findings from a Dell End-User Security Survey, which finds that not only are many employees likely to share confidential information in the course of the work day, but that they are doing so without proper data security protocols in place or in mind.
Results of the survey from the Round Rock, Texas-based firm also show that four in five employees in financial services (81%) would share confidential information, and employees in education (75%), healthcare (68%) and federal government (68%) are also open to disclosing confidential or regulated data at alarmingly high rates.
The survey revealed today’s workforce caught between productivity and efficiency on the job and securing company data. Seventy-six percent of employees felt their company prioritizes security at the expense of employee productivity. The report suggested companies must focus on educating employees and enacting policies and procedures that secures data wherever they go, without hindering employee productivity.
Survey results also indicated a lack of understanding regarding data security policies and sharing data among the professionals working with confidential information on a regular basis. This lack of clarity and confusion is not without merit; there are many circumstances under which it makes sense to share confidential information in order to push business initiatives forward.
Some 73% of employees said they would share sensitive information for a wide range of reasons including: being directed to do so by management (43%); sharing with a person authorized to receive it (37%); determining that the risk to their company is very low and the potential benefit of sharing information is high (23%); feeling it will help them do their job more effectively (22%); Feeling it will help the recipient do their job more effectively (13%).
“When security becomes a case-by-case judgment call being made by each individual employee at an organization, there is no consistency or efficacy,” Brett Hansen, vice president of Endpoint Data Security and Management at Dell, said. “These findings suggest organizations need to arm employees with better education regarding data security best practices and put policies and procedures in place that focus first and foremost on securing data while maintaining employee productivity.”
The survey finds that when employees handle confidential data, they often do so insecurely by accessing, sharing and storing the data in unsafe ways. Twenty-four percent of respondents indicated they do so to get their job done and 18% said they did not know they were doing something unsafe. Only 3% of respondents said they had malicious intentions when conducting unsafe behaviors.
Other findings include:
• Employees report engaging in unsafe behaviors including connecting to public Wi-Fi to access confidential information (46%), using personal email accounts for work (49%), or losing a company-issued device (17%).
• Employees take on unnecessary risk when storing and sharing their work as well with 56% using public cloud services such as Dropbox, Google Drive, iCloud and others to share or back-up their work.
• Some 45% of employees use email to share confidential files with third-party vendors or consultants.
“Today’s workforce is extremely flexible in that they work from a variety of locations on many different devices and have a multitude of options available to them to store, share and back-up data. While these elements enhance productivity, the risk of lost or stolen data grows immensely,” Hansen held. “These findings reinforce the urgent need for companies to standardize the process of when and how data should be shared and with whom, as well as determining polices to ensure data are safe when an employee leaves an organization.”
