Study examines depth human behavior plays in data breaches
Your company employees can be one of your greatest assets, but a new study from Shred-it showed how your workers also can present significant risks, too.
With one-third of working adults in the U.S. admitting to potentially risky behavior at work, employee negligence poses major security concerns for U.S. businesses, according to Shred-it's State of the Industry Report, which exposes information and data security risks currently threatening U.S. enterprises and small businesses and includes survey findings from the Shred-it Security Tracker, conducted by Ipsos.
When assessing the cause of data breaches, the report found that employee negligence or accidental loss is a main cause. Nearly half of c-suite executives (47 percent) and small business owners (42 percent) reported that human error or accidental loss by an employee was the cause of a data breach.
Additionally, more than one in four c-suite executives (28 percent) and nearly one in five small business owners (17 percent) reported human error or accidental loss by an external vendor caused their organization to suffer a data breach.
“The study’s findings clearly show that seemingly small habits can pose great security risk and add up to large financial, reputational and legal risks,” Shred-it vice president Monu Kalsi said.
“For companies looking to better protect their data, smart information security begins with giving employees access to smart information security practices and training,” Kalsi continued. “Through consistent training and education, businesses of all sizes can take back ownership of information security and create a more security-minded work culture among their employees.”
The study also found that 78 percent of c-suite executives and just over one in four (28 percent) small business owners plan to train their staff on information-security procedures and policies over the next year.
Additional findings from the report available online here expose high risk areas and activities businesses should consider examining, including:
— Off-site and remote work habits are in play. When employees work remotely or off-site, businesses believe the odds of a data breach occurring are higher
— Eight-six percent of c-suite executives and 60 percent of small business owners agree that the risk of a data breach is higher when employees work off-site than when they work at the office.
— However, despite security risk concerns, just 35 percent of small business owners have a policy in place for storing or disposing of confidential information while working off-site, while 54 percent of small business owners have no policy in place at all.
— A majority of c-suite executives have an information security plan in place. These respondents reported that they train employees on keeping sensitive information out-of-sight when working in a public space (81 percent), sharing company-issued electronic devices with family or friends (60 percent), keeping company-issued devices safe from interference from children or pets at home (56 percent), using public Wi-Fi (54 percent), identifying fraudulent emails (71 percent) and providing guidance on how to report a lost or stolen electronic device (73 percent).
— Physical document security is a concern. From loosely stored confidential notes on a desk to the theft of paper documents while working off-site, U.S. employees create vulnerable paper trails.
— Most U.S. workers (65 percent) admit they take notes at work in a paper notebook. Additionally, two in five (39 percent) admit they leave these work documents or notebooks on their desk after they leave the office for the day, leaving documents with confidential information vulnerable to theft.
— Thirty-six percent of c-suites admit employees lost or had paper documents with sensitive company information stolen, compared to just 6 percent of small business owners.
— As workers continue to turn to pen and paper to take confidential business notes inside and outside the office, the good news is that 96 percent of c-suites say they have a policy for storing and disposing confidential paper documents. However, just 49 percent of small business owners report that they have a paper policy in place.
— Device use is a major consideration, too. Bad employee habits are bad news for businesses, as U.S. workers are losing computers and mobile devices and/or leaving them vulnerable to theft.
— One in four U.S. workers (26 percent) leave their computer on and unlocked when they leave work for the day.
— Around half of c-suite executives indicate that they have had employees who lost or had their company laptop/device (49 percent) or company mobile phone (43 percent) stolen. Comparatively, small business owners were much less likely to report employees had lost or had their company laptop/device (7 percent) or company mobile phone (9 percent) stolen.
— Nearly one in five c-suite executives (17 percent) and small business owners (18 percent) suffered a data breach due to an employee losing or having sensitive information stolen.