April 24, 2017 By Mark Samuels 2 min read

Data security is being put at risk by the unsafe practices of end users, and security staffers must do more to keep enterprise information safe. In fact, a recent Dell survey suggested almost three-quarters of employees are willing to share sensitive, confidential or regulated company information.

The global survey of workers, which was conducted by Dimensional Research, highlighted how many employees struggle to strike an effective balance between productivity and security. IT managers and their business peers should ensure their organization educates employees, and then attempt to find ways to maintain proactive data security policies that are both enforced and respected.

Why Are Workers Sharing Data?

The willingness of employees to share information appears strongly related to a lack of business clarity around how data should be used.

Researchers suggested there are many circumstances when workers are willing to share sensitive information. The reasons for sharing data include: being directed to do so by management (43 percent); sharing information with a person authorized to receive it (37 percent); and determining the risk to the company is low and the potential benefit of sharing high (23 percent).

The report also highlighted how employees often insecurely handle confidential data. Twenty-four percent of staff access, share and store data in unsafe ways to get their jobs done. Almost one-fifth (18 percent) are unaware they are being unsafe, while just 3 percent have malicious intentions. Part of these statistics can be traced back to poor consistency and education for security across the enterprise, Dell explained.

Where Is Security Policy Falling Down?

A picture emerged of where employees are putting information security at risk through unsafe working practices. These practices are often part of everyday operational activities, since a lack of strong policies leaves workers unaware of the risks they are creating.

While 63 percent of employees are required to complete cybersecurity training, 21 percent feel it is difficult to keep pace with changing security guidelines. This lack of clarity makes 22 percent of respondents believe they will eventually do something by mistake that damages the company.

Productivity, and the need to stay on top of tasks, sometimes overrides security concerns. About 18 percent of workers who receive training still conduct unsafe behavior incidentally, while 24 percent knowingly execute unsafe behaviors to fulfill their work requirements.

How Should Decision-Makers Respond?

Digital transformation means more technologies and applications will be introduced to the enterprise. These systems and services place new demands on both employees, who will be expected to use technology to increase productivity, and managers, who will have to define effective data use policies.

The Ponemon Institute suggested an ever-widening gap between the work of IT security teams and lines of business. While 61 percent of IT security professionals view the protection of critical company information as a “very high” or “high” priority, just 38 percent of end users place the same high values on data protection.

Earl Perkins, research vice president for the Internet of Things (IoT) at Gartner, told IT World Canada the growing requirement for employees to work quickly and productively means executives should balance risk management with the needs of the business. Rather than simply saying no, IT managers and their business peers must find ways to develop a risk formula capable of handling new variables and factors — and effectively convey those formulas and practices to employees.

This sentiment is echoed across the industry. TechRepublic noted that Forrester’s key lessons from 2016 regarding data security are that business managers should plan for every possible contingency, demand regular audits and work to reshape the culture around security.

More from

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today