Private, highly-sensitive employee information, including banking details, HR files and personal healthcare records, is at risk. While many companies take the security of their customer data seriously, employees are not protected to the same level, according to a new Sophos study.
For example, 31 percent of the companies surveyed that store this type of data admit that employee bank details are not always encrypted. Forty-three percent of the companies holding sensitive employee HR files don’t always encrypt them, and nearly half of those that store employee healthcare information (47 percent) fail to consistently encrypt these records.
Of the U.S. companies surveyed that do use encryption, only 79 percent claim to always secure employee bank details, making it the most advanced of the six countries. By comparison, 48 percent in Japan fail to consistently encrypt employee bank details, making their employees the least protected.
Company data remains at risk as well. Nearly one-third (30 percent) of all organizations surveyed fail to always encrypt their own corporate financial information, and nearly half (41 percent) inconsistently encrypt files containing valuable intellectual property. The percentage is higher in the U.S. where 62 percent of organizations cite the need to secure proprietary data as a key driver to encryption.
Cloud data security is also driving encryption adoption. More than eight in ten companies (84 percent) expressed concern about the safety of data stored in the cloud. Nevertheless, while 80 percent are using the cloud for storage, only 39 percent encrypt all files stored in the cloud.
The U.S. leads all six countries with a propensity to encrypt all files in the cloud with 48 percent of those surveyed in America doing so. Malaysia is at the opposite end of the spectrum with only 17 percent of businesses surveyed encrypting all files in the cloud.
“Data breaches happen to large and small companies every day, and the last line of defense against that breach turning into a corporate crisis is a comprehensive data encryption policy,” commented Dan Schiappa, senior vice president and general manager of Enduser Security at Sophos. “While it is the customer data breaches that hit the headlines, companies have the same obligation to protect sensitive employee data, and they should not overlook it.”
Encryption demand is growing although companies cite budget, performance concerns and lack of deployment knowledge as the top three barriers to implementing a solution. Three-quarters of organizations acknowledge that they need to improve how they encrypt and secure employee, customer and company information. In fact, over the next two years, 69 percent of organizations surveyed plan to increase their use of encryption, showing that companies are moving in a positive direction.
“The State of Encryption Today survey confirms that while encryption is widely used and accepted by businesses, it also highlights critical gaps,” continued Schiappa. “Unfortunately, I am not surprised by the findings because too many people mistakenly believe that encryption is too complicated or too expensive to implement. The reality is that modern, next-generation encryption solutions can be easy to deploy and quite cost-effective.”
The State of Encryption Today survey methodology includes 1,700 IT decision makers interviewed in the U.S., Canada, India, Australia, Japan and Malaysia. All respondents were from organizations with 100 to 2,000 employees in all sectors, excluding government. Vanson Bourne conducted the study.