Data security is being put at risk by the unsafe practices of end users, and security staffers must do more to keep enterprise information safe. In fact, a recent Dell survey suggested almost three-quarters of employees are willing to share sensitive, confidential or regulated company information.

The global survey of workers, which was conducted by Dimensional Research, highlighted how many employees struggle to strike an effective balance between productivity and security. IT managers and their business peers should ensure their organization educates employees, and then attempt to find ways to maintain proactive data security policies that are both enforced and respected.

Why Are Workers Sharing Data?

The willingness of employees to share information appears strongly related to a lack of business clarity around how data should be used.

Researchers suggested there are many circumstances when workers are willing to share sensitive information. The reasons for sharing data include: being directed to do so by management (43 percent); sharing information with a person authorized to receive it (37 percent); and determining the risk to the company is low and the potential benefit of sharing high (23 percent).

The report also highlighted how employees often insecurely handle confidential data. Twenty-four percent of staff access, share and store data in unsafe ways to get their jobs done. Almost one-fifth (18 percent) are unaware they are being unsafe, while just 3 percent have malicious intentions. Part of these statistics can be traced back to poor consistency and education for security across the enterprise, Dell explained.

Where Is Security Policy Falling Down?

A picture emerged of where employees are putting information security at risk through unsafe working practices. These practices are often part of everyday operational activities, since a lack of strong policies leaves workers unaware of the risks they are creating.

While 63 percent of employees are required to complete cybersecurity training, 21 percent feel it is difficult to keep pace with changing security guidelines. This lack of clarity makes 22 percent of respondents believe they will eventually do something by mistake that damages the company.

Productivity, and the need to stay on top of tasks, sometimes overrides security concerns. About 18 percent of workers who receive training still conduct unsafe behavior incidentally, while 24 percent knowingly execute unsafe behaviors to fulfill their work requirements.

How Should Decision-Makers Respond?

Digital transformation means more technologies and applications will be introduced to the enterprise. These systems and services place new demands on both employees, who will be expected to use technology to increase productivity, and managers, who will have to define effective data use policies.

The Ponemon Institute suggested an ever-widening gap between the work of IT security teams and lines of business. While 61 percent of IT security professionals view the protection of critical company information as a “very high” or “high” priority, just 38 percent of end users place the same high values on data protection.

Earl Perkins, research vice president for the Internet of Things (IoT) at Gartner, told IT World Canada the growing requirement for employees to work quickly and productively means executives should balance risk management with the needs of the business. Rather than simply saying no, IT managers and their business peers must find ways to develop a risk formula capable of handling new variables and factors — and effectively convey those formulas and practices to employees.

This sentiment is echoed across the industry. TechRepublic noted that Forrester’s key lessons from 2016 regarding data security are that business managers should plan for every possible contingency, demand regular audits and work to reshape the culture around security.

more from

Controlling the Source: Abusing Source Code Management Systems

For full details on this research, see the X-Force Red whitepaper “Controlling the Source: Abusing Source Code Management Systems”. This material is also being presented at Black Hat USA 2022. Source Code Management (SCM) systems play a vital role within organizations and have been an afterthought in terms of defenses compared to other critical enterprise systems such as Active Directory.…