Light Dark
April 24, 2017 By Mark Samuels 2 min read

Data security is being put at risk by the unsafe practices of end users, and security staffers must do more to keep enterprise information safe. In fact, a recent Dell survey suggested almost three-quarters of employees are willing to share sensitive, confidential or regulated company information.

The global survey of workers, which was conducted by Dimensional Research, highlighted how many employees struggle to strike an effective balance between productivity and security. IT managers and their business peers should ensure their organization educates employees, and then attempt to find ways to maintain proactive data security policies that are both enforced and respected.

Why Are Workers Sharing Data?

The willingness of employees to share information appears strongly related to a lack of business clarity around how data should be used.

Researchers suggested there are many circumstances when workers are willing to share sensitive information. The reasons for sharing data include: being directed to do so by management (43 percent); sharing information with a person authorized to receive it (37 percent); and determining the risk to the company is low and the potential benefit of sharing high (23 percent).

The report also highlighted how employees often insecurely handle confidential data. Twenty-four percent of staff access, share and store data in unsafe ways to get their jobs done. Almost one-fifth (18 percent) are unaware they are being unsafe, while just 3 percent have malicious intentions. Part of these statistics can be traced back to poor consistency and education for security across the enterprise, Dell explained.

Where Is Security Policy Falling Down?

A picture emerged of where employees are putting information security at risk through unsafe working practices. These practices are often part of everyday operational activities, since a lack of strong policies leaves workers unaware of the risks they are creating.

While 63 percent of employees are required to complete cybersecurity training, 21 percent feel it is difficult to keep pace with changing security guidelines. This lack of clarity makes 22 percent of respondents believe they will eventually do something by mistake that damages the company.

Productivity, and the need to stay on top of tasks, sometimes overrides security concerns. About 18 percent of workers who receive training still conduct unsafe behavior incidentally, while 24 percent knowingly execute unsafe behaviors to fulfill their work requirements.

How Should Decision-Makers Respond?

Digital transformation means more technologies and applications will be introduced to the enterprise. These systems and services place new demands on both employees, who will be expected to use technology to increase productivity, and managers, who will have to define effective data use policies.

The Ponemon Institute suggested an ever-widening gap between the work of IT security teams and lines of business. While 61 percent of IT security professionals view the protection of critical company information as a “very high” or “high” priority, just 38 percent of end users place the same high values on data protection.

Earl Perkins, research vice president for the Internet of Things (IoT) at Gartner, told IT World Canada the growing requirement for employees to work quickly and productively means executives should balance risk management with the needs of the business. Rather than simply saying no, IT managers and their business peers must find ways to develop a risk formula capable of handling new variables and factors — and effectively convey those formulas and practices to employees.

This sentiment is echoed across the industry. TechRepublic noted that Forrester’s key lessons from 2016 regarding data security are that business managers should plan for every possible contingency, demand regular audits and work to reshape the culture around security.

 |  |  |  |  | 
Mark Samuels
Tech Journalist

More from

April 25, 2024

NIST’s role in the global tech race against AI

4 min read - Last year, the United States Secretary of Commerce announced that the National Institute of Standards and Technology (NIST) has been put in charge of launching a new public working group on artificial intelligence (AI) that will build on the success of the NIST AI Risk Management Framework to address this rapidly advancing technology.However, recent budget cuts at NIST, along with a lack of strategy implementation, have called into question the agency’s ability to lead this critical effort. Ultimately, the success…

April 24, 2024

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

April 23, 2024

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature