A third of employees say it’s common to take corporate data with them when leaving a company

Today’s workforce is caught between two imperatives: be productive and efficient on the job and maintain the security of company data.

corporate data security

The results of a recent end-user security survey by Dell indicate that among the professionals that work with confidential information on a regular basis, there is a lack of understanding in the workplace regarding how confidential data should be shared and data security policies.

This lack of clarity and confusion is not without merit; there are many circumstances under which it makes sense to share confidential information in order to push business initiatives forward.

Three in four employees say they would share sensitive, confidential or regulated company information under certain circumstances for a wide range of reasons including:

  • Being directed to do so by management (43 percent)
  • Sharing with a person authorized to receive it (37 percent)
  • Determining that the risk to their company is very low and the potential benefit of sharing information is high (23 percent)
  • Feeling it will help them do their job more effectively (22 percent)
  • Feeling it will help the recipient do their job more effectively (13 percent)

“When security becomes a case-by-case judgement call being made by the individual employee, there is no consistency or efficacy,” said Brett Hansen, vice president of Endpoint Data Security and Management at Dell. “These findings suggest employees need to be better educated about data security best practices, and companies must put procedures in place that focus first and foremost on securing data while maintaining productivity.”

Unsafe behaviors common in the workplace

The survey finds that when employees handle confidential data, they often do so insecurely by accessing, sharing and storing the data in unsafe ways.

Twenty-four percent of respondents indicated they do so to get their job done and 18 percent say they did not know they were doing something unsafe. Only 3 percent of respondents said they had malicious intentions when conducting unsafe behaviors.

  • Forty-five percent of employees admit to engaging in unsafe behaviors throughout the work day
  • These behaviors include connecting to public Wi-Fi to access confidential information (46 percent), using personal email accounts for work (49 percent), or losing a company-issued device (17 percent)
  • One in three employees (35 percent) say it is common to take corporate information with them when leaving a company
  • Employees take on unnecessary risk when storing and sharing their work, with 56 percent using public cloud services such as Dropbox, Google Drive, iCloud and others to share or back-up their work
  • Forty-five percent of employees will use email to share confidential files with third-party vendors or consultants

Cybersecurity training must be improved

The survey also revealed that only 36 percent of employees feel very confident in their knowledge of how to protect sensitive company information, even though 63 percent of polled employees are required to complete cybersecurity training on protecting sensitive data. Of those who received cybersecurity training, 18 percent still conducted unsafe behavior without realizing what they were doing was wrong.

“It is imperative for organizations of all sizes to instill among employees the critical role they play in keeping their workplace safe and secure. When a company educates its employees on cybersecurity practices, and they are still not confident nor feel empowered to properly handle sensitive data, it means the approach must be reworked,” Michael Kaiser, executive director, National Cyber Security Alliance, noted.

“Cybersecurity education needs to be an integral part of the workplace culture. It must be built around a practical, ongoing dialog in which employees are empowered and incentivized to speak up when they’re unsure about the implications of a decision. Cybersecurity education doesn’t mean hosting a one-time course or seminar; it means making security a collaborative, continuous cultural initiative.”