High ignorance of safety requirements in the office
While companies are increasingly arming themselves against cybercrime, comparatively little attention is paid to internal data security. Employees share information in the public cloud, take confidential documents home with them or forget printed pages in the printer tray. This is the conclusion of a study by Sharp.
A quarter (25%) of respondents admitted to storing work information in the publicly accessible cloud, knowingly violating company policy. Of those employees who do so, just under a third (29%) are from HR. This is particularly tricky when it comes to personal data: Using unsecured cloud services puts personal information about employees and applicants at high risk.
27% of the study participants also use public file-sharing services without their employer's consent. 40% even admitted to deliberately ignoring company guidelines and regularly taking work documents home.
Hardware as a risk factor
Complicated or outdated hardware in companies can further encourage security risks. For example, 40% of respondents prefer to use their own laptops or mobile devices for work because they are newer and easier to use. The study participants from the Millenials generation in particular were able to confirm this for themselves - more than half of them (51%) prefer to use private devices at work, where high security standards are not guaranteed.
The security-critical behavior affects digital information as well as paper documents: More than half (54%) of office employees regularly experience colleagues printing out documents and then forgetting them in the printer tray. The risk of confidential information being viewed by unauthorized persons thus increases many times over.
Employer responsibility
For Karen Renaud, an expert in cybersecurity and data protection at the University of Glasgow, it is clear that companies need to better support their employees: "As long as companies unreservedly tolerate or even unwittingly encourage the risky behavior of their employees, for example by providing poor alternatives to public cloud services, complete data security can never be guaranteed. If companies offer flexible working models - such as home office - they must also provide employees with appropriate means of protecting confidential information, such as an in-house VPN connection."
"Employees working from anywhere and having access to corporate documents has long been part of everyday life," adds Alexander Hermann, Vice President Information Systems Europe at Sharp. "Companies need to find solutions that balance modern ways of working with secure data sharing. At the same time, they need to raise security awareness and risk knowledge among their employees. At the latest when the new EU data protection regulation comes into force in May 2018, companies can face heavy fines for breaching data protection guidelines. Creating binding internal policies and providing adequate solutions for employees must therefore be a high priority."
The results are part of the study "IT satisfaction in European companies": survey of 6045 office workers in 9 countries: France, Germany, UK, Italy, Sweden, Poland, Netherlands, Czech Republic, Hungary; of which 1015 in Germany. Further information on the study: www.sharp.ch/Unlock
