Employees undermining cyber security by sharing confidential data

Employees are undermining their companies’ cyber security efforts by breaking the rules to share confidential data, according to a new report from Dell.

The research found that 81 per cent of employees in the financial services industry would share confidential, sensitive or regulated company information for a range of reasons.

Overall, 43 per cent of employees said they would do so if directed by management, 37 per cent would share it with a person authorised to receive it and 23 per cent would if they thought it was low-risk.

Meanwhile, 22 per cent would share confidential data if it helped them do their jobs more effectively and 13 per cent would if it helped the recipient in their work.

“When security becomes a case-by-case judgement call being made by the individual employee, there is no consistency or efficacy,” said Brett Hansen, vice president of endpoint data security and management at Dell.

“These findings suggest employees need to be better educated about data security best practices, and companies must put procedures in place that focus first and foremost on securing data while maintaining productivity.”

Overall, three quarters of employees said they would share confidential data under certain circumstances or in certain situations. Beyond the financial services industry, the most likely workers to share confidential data were in education (75 per cent) and healthcare (68 per cent).

Despite this, 65 per cent of employees said they believe it is their responsibility to protect sensitive data, and 36 per cent feel confident they know how to do this.

But 21 per cent feel it is difficult to keep up with changing security guidelines and policies and 22 per cent say they are worried that someday they will cause damage by mistake.

“While every company has different security needs, this survey shows how important it is that all companies make an effort to better understand daily tasks and scenarios in which employees may share data in an unsafe way,” Hansen said.

“Creating simple, clear policies that address these common scenarios in addition to deploying endpoint and data security solutions is vital in order to achieve that balance between protecting your data and empowering employees to be productive.”

For more from the report, see the Dell website.


Photo © kostsov / 123RF Stock Photo