Unsafe data security practices still common in the workplace

Dell unveils findings of its global End-User Security survey which highlights the widespread unsafe sharing of confidential data at work.

Dell is releasing the results of its Dell End-User Security Survey, which finds that not only are many employees likely to share confidential information, but that they are doing so without proper data security protocols in place or in mind.

Results show that today’s workforce is caught between two imperatives: be productive and efficient on the job and maintain the security of company data. To address data security issues, companies must focus on educating employees and enforcing policies and procedures that secure data wherever they go, without hindering productivity.

Employees likely to share confidential information

Survey results indicate that among the professionals that work with confidential information on a regular basis, there is a lack of understanding in the workplace regarding how confidential data should be shared and data security policies.

This lack of clarity and confusion is not without merit; there are many circumstances under which it makes sense to share confidential information in order to push business initiatives forward.

Three in four employees say they would share sensitive, confidential or regulated company information under certain circumstances for a wide range of reasons including:

  • Being directed to do so by management (43 per cent)
  • Sharing with a person authorised to receive it (37 per cent)
  • Determining that the risk to their company is very low and the potential benefit of sharing information is high (23 per cent)
  • Feeling it will help them do their job more effectively (22 per cent)
  • Feeling it will help the recipient do their job more effectively (13 per cent)

Four in five employees in financial services (81 per cent) would share confidential information, and employees in education (75 per cent), healthcare (68 per cent) and federal government (68 per cent) are also open to disclosing confidential or regulated data at alarmingly high rates.

‘When security becomes a case-by-case judgement call being made by the individual employee, there is no consistency or efficacy,’ says Brett Hansen, vice president of endpoint data security and management at Dell.

‘These findings suggest employees need to be better educated about data security best practices, and companies must put procedures in place that focus first and foremost on securing data while maintaining productivity.’

Unsafe behaviours common in the workplace

The survey finds that when employees handle confidential data, they often do so insecurely by accessing, sharing and storing the data in unsafe ways. Twenty-four per cent of respondents indicate they do so to get their job done and 18 per cent say they did not know they were doing something unsafe. Only three per cent of respondents said they had malicious intentions when conducting unsafe behaviours.

Forty-five percent of employees admit to engaging in unsafe behaviours throughout the work day.

These behaviours include connecting to public Wi-Fi to access confidential information (46 per cent), using personal email accounts for work (49 per cent), or losing a company-issued device (17 per cent).

One in three employees (35 per cent) say it is common to take corporate information with them when leaving a company.

Employees take on unnecessary risk when storing and sharing their work, with 56 per cent using public cloud services such as Dropbox, Google Drive, iCloud and others to share or back-up their work.

Forty-five per cent of employees will use email to share confidential files with third-party vendors or consultants.

Employees Support Protecting Information, but Don’t Feel Empowered

The survey findings indicate that employees struggle with cybersecurity in the workplace because they do not want to see their company suffer a data breach, but they also struggle with the limitations security programs can put on their day-to-day activities and productivity.

Nearly two in three employees (65 per cent) feel it is their responsibility to protect confidential information, including educating themselves on possible risks and behaving in a way that protects their company.

Thirty-six per cent of employees feel very confident in their knowledge of how to protect sensitive company information.

Twenty-one per cent feel it is difficult to keep up with changing security guidelines and policies, and 22 per cent say they are worried that someday they will do something by mistake and cause damage to their company.

Nearly two in three (63 per cent) employees are required to complete cybersecurity training on protecting sensitive data. However, of those who received cybersecurity training, 18 per cent still conducted unsafe behaviour without realising what they were doing was wrong, whereas 24 per cent conducted unsafe behaviour anyway in order to complete a task

‘While every company has different security needs, this survey shows how important it is that all companies make an effort to better understand daily tasks and scenarios in which employees may share data in an unsafe way,’ says Hansen.

‘Creating simple, clear policies that address these common scenarios in addition to deploying endpoint and data security solutions is vital in order to achieve that balance between protecting your data and empowering employees to be productive.’

Michael Kaiser, executive director, National Cyber Security Alliance, says, ‘It is imperative for organisations of all sizes to instil among employees the critical role they play in keeping their workplace safe and secure. When a company educates its employees on cybersecurity practices, and they are still not confident nor feel empowered to properly handle sensitive data, it means the approach must be reworked.

‘Cybersecurity education needs to be an integral part of the workplace culture. It must be built around a practical, ongoing dialog in which employees are empowered and incentivised to speak up when they’re unsure about the implications of a decision. Cybersecurity education doesn’t mean hosting a one-time course or seminar; it means making security a collaborative, continuous cultural initiative.’

Claire Vyvyan, senior vice president, UK & Ireland Commercial Business, Dell EMC concludes, ‘The findings highlight how UK SMEs are better educated and more responsible with their behaviour at work than many of their EMEA counterparts. However, this shouldn’t be a reason to rest on our laurels.

‘We have seen time and time again that nearly all data breaches begin at the end point – often not for malicious reasons but often explained by a lack of training or awareness. With end user security still clearly such a major cause for concern within businesses, Dell EMC will continue to develop the most secure technology available on the market today.’

Further reading on data security

Owen Gough, SmallBusiness UK

Owen Gough

Owen was a reporter for Bonhill Group plc writing across the Smallbusiness.co.uk and Growthbusiness.co.uk titles before moving on to be a Digital Technology reporter for the Express.co.uk.

Related Topics

Data Security