Senior managers are the worst information security offenders
As companies look for solutions to protect the integrity of their networks, data centers, and computer systems, an unexpected threat is lurking under the surface—senior management.
According to a new survey, 87% of senior managers frequently or occasionally send work materials to a personal email or cloud account to work remotely, putting that information at a much higher risk of being breached.
Released by global investigations, intelligence, and risk services company Stroz Friedberg, the survey also found that 58% of senior management reported having accidentally sent the wrong person sensitive information, compared to just 25% of workers overall.
Corporate managers also put their companies at risk of intellectual property loss if and when they depart the company. Fifty-one percent of senior management and 37% of mid-level management admit to taking job-related emails, files, or materials with them when they have left past employers. Only one-fifth of lower ranking employees have done so.
“Insiders are by far the biggest risk to the security of a company’s sensitive information, whether it’s a careless executive or a disgruntled employee. When information is compromised, a company’s reputation, customer base, and share price may suffer,” said Michael Patsalos-Fox, CEO of Stroz Friedberg. “Our inaugural information security survey demonstrates that companies need to address high-risk security behaviors within the workplace at all levels with a proactive risk mitigation plan.”
The national survey of 764 information workers explored the state of information security in U.S. businesses and surveyed respondents online regarding their thoughts on the biggest information security threats, cyber security risk mitigation, company security vulnerabilities, and the state of corporate America’s response to cyber threats.
The survey found that senior leaders in general believe their own security efforts are inadequate:
- Nearly half (45%) of senior management acknowledge that the C-suite and senior leadership themselves are responsible for protecting their companies against cyber-attacks.
- Yet, 52% of this same group indicated they are falling down on the job, rating corporate America’s ability to respond to cyber-threats at a “C” grade or lower.
- Rank-and-file workers differ in their opinions about cyber security accountability, with 54% of those respondents saying IT professionals are responsible for putting the right safeguards in place.
Employees admit fears regarding the security of their personal information at work, with 73% of respondents reporting concern that a hacker could gain access to their company’s network and steal sensitive, personal records such as their Social Security number, birthday, or home address. This worry perhaps reflects their thoughts regarding how well businesses in general are responding to cyber threats and in safeguarding sensitive or proprietary information; more than 60% of employees gave American businesses a “C” or lower when asked to grade their performance on this critical task.
BYOD and the use of personal online accounts have become prevalent in American businesses, as workers use their personal smartphones, tablets, and preferred cloud providers to stay productive while at work and out of the office. This is opening the door for businesses to encounter new and emerging threats from hackers, malware, and viruses.
A lack of corporate communication and training is also a likely culprit to explain these behaviors:
- Only 35% of respondents reported receiving regular training and communications on mobile device security from their employers
- Thirty-seven percent of employees received training on social media use
- Employees reported information sharing training just 42% of the time.
The complete survey is available here.