Nearly two-thirds of European office workers are prepared to use “shadow IT” to circumvent controls designed to ensure organizations comply with forthcoming EU data protection regulations, according to Sophos.
The security vendor interviewed over 1,000 workers across the UK, France and Germany in an attempt to better understand the levels of awareness and preparation ahead of the coming EU General Data Protection Regulation.
An overwhelming majority (84%) agreed that Europe needed stronger data protection laws in place and said they were concerned about the security of both personal (79%) and corporate data (65%).
However, a worrying 77% said they were not confident about their organizations’ ability to comply. Just 23% could confirm that their organization encrypts both employee and customer data.
UK organizations fared better than those in France and Germany in terms of their levels of preparedness for the new regulations.
Some 60% of employees in the UK, compared with 43% in France and 50% in Germany, said their organization had a data protection policy and it had been clearly communicated.
However, more concerning still is the readiness of employees to bypass these important security controls by using personal cloud and other non-corporate IT services.
Some 64% said they were prepared to use so-called shadow IT.
Sophos security expert Ross McKerchar told Infosecurity that the high percentage of users willing to bypass IT controls highlights the fact that firms “simply aren’t keeping up with modern collaboration methods and tools.”
“Employees are more empowered than they’ve ever been and IT departments are no longer in a position where they can dictate ways of working,” he added.
“CIOs and IT managers need to recognize this wave of change and work with the business to design policies and deploy tools which work with, not against, employees. Failing to do this will not only hamper productivity but could also put your customers' data at risk.”