Share

Top 5 Stories

News

Almost half of employees admit to bypassing security controls

10 May 2013

Security shouldn’t get in the way of doing business and closing sales, but many organizations are wrestling with data protection strategies that block employees' ability to get the information they need to do their jobs. Almost half of all employees in a recent survey admitted to bypassing security regulations in order to get their job done. That's breeding apathy, too: 40% admitted that if they were breached no one would notice.

The research from Voltage Security found that while an overwhelming 85% of employees say that security has added value to their company, half of sales-focused employees say their job is hindered because they aren’t getting access to all the information they need. And with more than half of the respondents working for large organizations (the majority employing more than 5,000 people), the potential ramifications are notable.

“It is safe to assume that with the majority of people working for major organizations with more than 5,000 employees, the loss of a single deal can be detrimental to business and may well cause millions in damage,” said Dave Anderson, senior director of marketing at Voltage Security, in an email statement. “The results show that organizations employ an array of restricting security tools that struggle to make data available to the right people, though the fundamental issue of security remains.”

The study also revealed that the pressure on companies to access information to get their job done is dividing the workforce. While 40% of companies have lost a sales opportunity because employees weren’t able to access the information they needed, an alarming 46% avoided the possibility of losing a sales opportunity by bypassing security controls to access necessary sensitive information to get the job done.

In other words, companies need to strike a balance that allows employees to get to the data they need without compromising security by exposing sensitive information to the wrong people. With regards to security, the findings revealed a paradox: 29% of respondents said their organization would notice within seconds or minutes if sensitive data wasn’t secured, but then 40% said they would never notice. And worse, half of respondents said they have had access to financial, customer or HR information they didn’t really need –putting potentially sensitive information at risk.

“Protecting sensitive data is the key requirement,” Anderson said. “Security can, and should be, seamlessly integrated into current business processes, rather than standalone functions that enable employees to protect information at all times. Deploying a data-centric framework will enable companies to protect sensitive information at all times, while still allowing employees to access, use, and move the data within the enterprise as needed to perform their duties.”

Security strategies, he noted, should not be based on only protecting a device, server, tape, disk or media – sensitive data should be protected anywhere it moves, and any way it is used. Also, companies should implement data protection solutions that comprehensively protect all structured and unstructured data types across the entire IT infrastructure, including everything from legacy and mainframe, to data in the cloud and on mobile devices. Only protecting a single data type or a limited number of applications can leave an organization vulnerable.

This article is featured in:
Compliance and Policy  •  Data Loss  •  Industry News  •  Security Training and Education

 

Comments

shelbystuart says:

27 May 2013
Of course employees by pass security for BYOD. At our hospital, our doctors were sending text messages with patient info which opened us up to HIPAA violations. We got them Tigertext HIPAA compliant text messaging to make it secure.

Note: The majority of comments posted are created by members of the public. The views expressed are theirs and unless specifically stated are not those Elsevier Ltd. We are not responsible for any content posted by members of the public or content of any third party sites that are accessible through this site. Any links to third party websites from this website do not amount to any endorsement of that site by the Elsevier Ltd and any use of that site by you is at your own risk. For further information, please refer to our Terms & Conditions.

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×