Dell has recently released the findings from their End-User Security Survey, and the results will probably keep you up late at night with worry. Their key finding was that an overwhelming percentage of employees (72 percent) are willing to share confidential or sensitive corporate information, and fully a third say that taking confidential corporate data on leaving a company is common practice.
Further, 45 percent of employees surveyed admitted that they knowingly engaged in unsafe behaviors that posed security risks during the course of a typical business day. These behaviors include using un-secure public Wi-Fi to access sensitive data, using personal email accounts to send it from one place to another and losing a company-issued device.
Those are jarring statistics, to be sure, but in digging a bit deeper, the survey reveals a complicated landscape. After all, there are times when it is indeed appropriate to share confidential data. These include:
• Sharing under management directive (43 percent)
• Sharing with a person who is authorized to view and access the data (37 percent)
• Instances of low risk, high reward sharing (23 percent)
• The data sharing either helps the person sharing, or the person receiving the information perform their job more efficiently and effectively (22 percent and 13 percent, respectively)
Even taking these factors into account, however, the statistics are beyond concerning, and what’s worse, the full measure of the blame cannot be placed at the feet of the employees. After all, many, if not most, feel pulled in two opposing directions by management.
On the one hand, there’s the steady drumbeat of insistence that workers be more and more productive, which leads to many of these unsafe behaviors in the first place, pulling them in one direction. Then, there’s the published security policies that pull them in the opposite direction.
It can create a virtual minefield for employees, and there are no simple solutions.
Given these statistics, though, it is overwhelmingly likely that many, if not most of your employees are improperly sharing sensitive data. You may want to make correcting that problem one of your major goals for the year. The risks of doing nothing are simply too big to ignore.