Most employees are not malicious, but their carelessness can be just as damaging
The results of a new Loudhouse survey show a disconnect between employees and IT within an organization with 73 percent of U.S. employees believing their company provides sufficient training on how to protect sensitive information, while 72 percent of IT professional believe that employers are not doing enough to educate employees.
This research underscores the need for more collaboration between the executive team, IT, HR and other employees within an organization to ensure the safety of sensitive information and intellectual property (IP).
“Most employees are not acting maliciously, but their carelessness can be just as damaging,” said Heath Davies, CEO at Clearswift. “Companies need to wake up to the fact that employees have the potential to cause the company huge damage through their actions, and ensure that training, policies and technology are in place to minimize that risk. Those sitting on the board need to sit up and pay attention; critical information needs to be governed at the highest levels or it could jeopardize the future of a company.”
Other key findings from the study include:
- 62 percent of businesses worldwide think their employees don’t care enough about the implications of a security breach to change their behavior
- 57 percent say they need to make employees care more about the ramifications of a breach, explain the risks and talk about cases in the media
- 10 percent of employees have lost a device containing sensitive business information
- 12 percent have used Shadow IT without authorization
- 37 percent of respondents say they have access to information that is above their position in the company
- 45 percent of U.S. employees recognize that IP could damage their company if leaked.
Intellectual property can include new code for software products, trade secrets, designs or strategic plans, and can be very costly to lose if it is not yet protected by patents. 56 percent of employees in the U.S. have access to IP at work. Should information like this become exposed, other companies could use it to generate similar products, reducing the competitive advantage of the original developer. Less than half of U.S. employees recognize that IP could damage their company if leaked, and therefore it is unlikely they are taking the appropriate precautions to protect it.
“The value of a company’s IP is frequently misunderstood. First off, IP comes in many guises and it’s essential for organizations to recognize ‘what’ their IP is; where it exists and who has access to it,” continued Davies. “IP is often a company’s most prized possession, if it were to fall into a competitor’s hands, or even unauthorized hands, it could cause immense financial damage to a company, or as in the case of the recent attempted US naval espionage charge, potentially result in dire effects. It is incredible that so many survey respondents say they have access to such information, yet so few seem to realize its value.”
The results of this study demonstrate the need for security within an organization to be implemented across the board, and from the first day any new hire is brought on. Executives must make security a top priority in order to avoid mistakes that can lead to the loss of valuable data, costing the company money. Improperly trained staff are at risk of clicking on phishing links that invite attackers in, or inadvertently sending out information hidden within documents and metadata.
The rise of shadow IT and shift to hosted environments through cloud applications like DropBox, Google Drive or Box, in addition to the proliferation of new communications tools in the form of social media and personal devices, also makes it even more important than ever to put a companywide emphasis on security, starting with the executive team.
These applications that help workers be more productive, come with inherent risks that every user in an organization needs to be aware of. Only through proper training, education and clear direction from the company’s leadership will organizations be able to repair the disconnect between IT and employees to ensure that their valuable information is sufficiently protected.