Nearly three in four employees (72%) are willing to share sensitive, confidential or regulated company information, and more than one in three employees say it’s common to take confidential corporate data with them when leaving a company.
Those alarming stats are from the Dell End-User Security Survey, which found that not only are many employees likely to share confidential information, but that they are doing so without proper data security protocols in place or in mind.
Results show that today’s workforce is caught between two imperatives: be productive and efficient on the job and maintain the security of company data. To address data security issues, companies must focus on educating employees and enforcing policies and procedures that secure data wherever they go, without hindering productivity. So far, they’re falling down on the job: A full 76% of employees feel their company prioritizes security at the expense of employee productivity.
Survey results indicate that among the professionals who work with confidential information on a regular basis, there is a lack of understanding in the workplace regarding how confidential data should be shared and data security policies.
“This lack of clarity and confusion is not without merit; there are many circumstances under which it makes sense to share confidential information in order to push business initiatives forward,” the report noted. This opens the door to a wide range of reasons for sharing which include: Being directed to do so by management (43%); sharing with a person authorized to receive it (37%); determining that the risk to their company is very low and the potential benefit of sharing information is high (23%); feeling it will help them do their job more effectively (22%); feeling it will help the recipient do their job more effectively (13%).
The survey found that when employees handle confidential data, they often do so insecurely by accessing, sharing and storing the data in unsafe ways; Almost half (45%) of employees admit to engaging in unsafe behaviors throughout the work day. These include connecting to public Wi-Fi to access confidential information (46%), using personal email accounts for work (49%) or losing a company-issued device (17%).
About a quarter (24%) of respondents indicated they do these things to get their job done, and 18% say they did not know they were doing something unsafe. Only 3% of respondents said they had malicious intentions when conducting unsafe behaviors.
“When security becomes a case-by-case judgement call being made by the individual employee, there is no consistency or efficacy,” said Brett Hansen, vice president of Endpoint Data Security and Management at Dell. “These findings suggest employees need to be better educated about data security best practices, and companies must put procedures in place that focus first and foremost on securing data while maintaining productivity.”
Four in five employees in financial services (81%) would share confidential information, and employees in education (75%), healthcare (68%) and federal government (68%) are also open to disclosing confidential or regulated data at alarmingly high rates. Employees take on unnecessary risk when storing and sharing their work, with 56% using public cloud services such as Dropbox, Google Drive, iCloud and others to share or back-up their work; and 45% of employees will use email to share confidential files with third-party vendors or consultants.
Ironically, nearly two in three employees (65%) feel it is their responsibility to protect confidential information, including educating themselves on possible risks and behaving in a way that protects their company, and 36% of employees feel very confident in their knowledge of how to protect sensitive company information.
Nearly two in three (63%) employees are required to complete cybersecurity training on protecting sensitive data. However, of those who received cybersecurity training, 18% still conducted unsafe behavior without realizing what they were doing was wrong, whereas 24% conducted unsafe behavior anyway in order to complete a task.
“While every company has different security needs, this survey shows how important it is that all companies make an effort to better understand daily tasks and scenarios in which employees may share data in an unsafe way,” said Hansen. “Creating simple, clear policies that address these common scenarios in addition to deploying endpoint and data security solutions is vital in order to achieve that balance between protecting your data and empowering employees to be productive.”