A third of UK staff disclose company data to friends and family

The firm says that the disclosures can either be malicious or accidental, but the bottom line is that they release the data is unauthorised.

The survey of 3000 UK workers, conducted by OnePoll, also revealed 21% of laptop/desktop owning respondents stated admitted transferring company data to their computer, even though more than half (58%) of these devices were potentially shared by other people.

Smartphone users, researchers found, also presented a risk, with 14% admitting they transfer work data to their personal handsets.

The survey found that 26% said they were willing to become whistleblowers, whilst a further 34% stated they would report illegal activity to the police.

When asked about scale of the security risk posed by employees, 82% of respondents stated that they believed the insider threat to be equal to or greater than the threat posed to organisations by external hackers.

Ross Brewer, LogRhythm's vice president, said that the research shows that there are many ways in which security breaches can occur, regardless of the insider's intentions.

"In transferring information to a personal laptop or smartphone, an insider is putting that information at risk of misuse. It need not be deliberate action but simply carelessness that does the damage", he said.

"Moreover, the willingness of employees to gossip about confidential information with their friends and families - and even to deliberately disclose information to non-colleagues - shows that organisations should be very concerned about the information they make available to insiders", he added.

Brewer went on to say that, whilst stricter policies and disciplinary action may deter some staff, it is only by continually monitoring networks that organisations can detect unusual activity, as well as reducing the risk to data.

For example, he says, deploying a protective monitoring system that enables the real-time analysis of log data means that, were a leak to occur, it could also be dealt with in real time.

"This is vital for minimising the significant reputational and financial damage that can occur as a result of a security breach", he explained.

What’s Hot on Infosecurity Magazine?