Surveys point to risky employee behavior

Feb 11th, 2014 / Category: Email Encryption

Whether or not businesses implement secure file sharing policies and procedures, they depend on their employees to comply with best practices. In today's data-driven world, it's essential for companies to keep their information protected from thieves and from loss due to equipment failure or other unexpected problems. When it comes to sensitive personal information about employees or clients, data security takes on an even higher level of priority.

End-users put data at risk
Unfortunately, a recent survey revealed that workers are not contributing to secure data management. On the contrary, their behavior - whether from ignorance or carelessness - is putting information at risk and making security a difficult task for IT teams. In the ITIC/KnowBe4 2013 - 2014 Security Deployment Trends Survey, 80 percent of companies identified "end user carelessness" as the greatest security threat to their network and data. The problems didn't stop there: respondents indicated poor planning for security issues at an organizational level. Sixty-five percent did not know what security-related downtime would cost their business or how these incidents would impact their operations and only 30 percent thought they could detect or react to breaches without undue delay.

"The survey responses underscore the fact that IT and security administrators are caught in the middle between upper management and end users," said Stu Sjouwerman, KnowBe4 CEO. "They have difficulty convincing upper management to allocate the necessary monies and resources to secure the network - and their hands are tied when it comes to safeguarding corporate data from unwitting end user errors that make systems and networks vulnerable to malware and phishing threats."

One of the complicating factors for many IT teams is the expansion of bring-your-own-device (BYOD) policies, which can introduce additional vulnerabilities to a system and blur the lines between work and personal resources for employees.

Urgent action needed
The status quo is not good enough for firms, especially as big data becomes more central to business affairs. The report emphasized that organizations need to prioritize comprehensive data security strategies. This starts with identifying how downtime could impact the organization by conducting risk assessment reviews. In addition to strong security policies and procedures, companies also need to implement secure file sharing solutions and train employees on both the seriousness of the threat and the best practices they must follow, the study added.

Ecommerce Times noted that security is an ongoing process. It's never something that companies can set up and forget. Cybercriminals are continually honing their techniques and finding new ways to exploit vulnerabilities, so constant vigilance and evolution are necessary for corporate information management as well. However, strong security doesn't need to be a constant distraction. In addition to training employees, companies can use intuitive, convenient managed file transfer solutions that provide dependable security for their documents. To help alleviate the problem of end-user carelessness, it's important for these processes to be easy for employees to use. For example, email services that take advantage of multiple security measures without requiring employees to change their messaging workflows can dissuade workers from resorting to shortcuts when they share information.