This may be hard to hear, but you and your employees are a serious security risk.
A new survey report addresses the “brutal truth” that employees take your data with them when they quit. The authors say, “Although many companies have traditional prevention tools in place, data loss, leaks, and theft–particularly from insiders– continues to happen at an alarming pace.” Read on for the highlights of this eye-opening report and tips on how to protect your data.
To put it bluntly, your employees are a security risk. Not only are workers one of the biggest threats to organizations’ data security, business and IT/information security leaders are not immune. According to the report, 65% of CEOs and 78% of CSOs report clicking on a link they shouldn’t have. Among other alarming findings:
- Of the 38% of companies reporting a data breach in the previous 18 months, 50% cited employee actions as the cause. Other causes included third-party actions, an external actor (e.g., malware), software or hardware failure, and unpatched security vulnerability. Over two-thirds say their organization didn’t have a prevention strategy in place at the time of the breach.
- Nearly two-thirds (63%) of all survey respondents say they have brought data from past employers to a new company.
- Over half (51%) of business leaders and 57% of information security leaders say they believe a colleague has brought information/ideas/intellectual property/data with them from a previous employer.
- About a quarter (27%) of information security leaders don’t monitor the data that new employees bring into the organization.
- Employees, including those in leadership roles, often feel entitled to take data with them. In this survey, 72% of information security leaders and 71% of business leaders agree with the statement, “It’s not just corporate data, it’s my work and my ideas.”
- Over three-quarters (78%) of information security leaders believe that prevention strategies and solutions aren’t enough to stop inside threats.
Most survey respondents agree that companies need a tougher, more aggressive strategy to prevent breaches and protect data. Nearly three-quarters (73%), in fact, say the only way to keep data safe is to lock down devices and access. However, this tactic also is widely considered to be impractical. Respondents suggest that more viable solutions include coordinated security planning and ensuring that all employees understand potential cybersecurity threats and what impact they can have.
Employee communication and training is key. About a third (30%) of information security leaders believe that constant alerts and media coverage of data breaches has resulted in workers feeling desensitized toward potential risks. Nearly all (89%) admit to feeling desensitized themselves.
With more employees working remotely and the use of mobile technology on the rise, the study authors note, “Security teams must act now and find a new way to safeguard their organization’s valuable intellectual property.”