The email survey, conducted during the week of the HMRC data loss, showed that the majority of respondents feel their companies are secure against the risk of data leaks.Ã‚Â Just 11% of respondents said that HMRC’s highly-publicised loss of CDs, containing personal details of 25M UK citizens, would influence their IT spending priorities.
However, the survey revealed that the organisations surveyed are still running the risk of data loss similar to HMRC.Ã‚Â Less than half of respondents (48%) said their organisation had an encryption solution to protect sensitive data.Ã‚Â 40% of the sample said their company did not have encryption, and a worrying 12% did not know if encryption was in place.
The research also showed that business PCs, laptops and mobile devices are also vulnerable to threats from malware, and attempts to hijack remote network connections.Ã‚Â Just 39% of respondents said their company had an endpoint security solution, to protect PCs against unauthorised access or malware.Ã‚Â 37% did not have endpoint security, and 25% were unable to say if they had or not.
However, when asked if their organisation’s IT security policy includes data protection issues such as the use of USB drives for transporting data, 73% of the sample said it did.Ã‚Â According to Check Point, this highlights the fact that corporate security policies are not being enforced by solutions.
Nick Lowe, Check Point’s regional director for Northern Europe said:Ã‚Â
It’s worrying that a majority of the companies surveyed feel they are safe against data loss.Ã‚Â Over half of the survey sample does not have the basic security measures in place, to stop the type of employee behaviour that caused the leak at HMRC.Ã‚Â
Securing any kind of sensitive data must be automated, so that employees cannot alter or stop the security processes.Ã‚Â Organisations have to protect their data, themselves and their employees against the risks of possible data leaks, and automation is the only way to do that.
The survey also showed that companies strongly agree (85%) with mandatory notification of affected parties in the event of a data breach, as is the law in the US.Ã‚Â Just 9% disagreed.Ã‚Â 36% of respondents thought immediate dismissal was appropriate for parties causing data leaks on the scale of the recent HMRC loss.