You are here

Share

Employees Routinely Share Confidential Information, Survey Finds

Posted by Andy Feit
Employees and Shadow IT

A new survey by Dimensional Research finds that 72% of employees are willing to share “sensitive, confidential, or regulated company information.” Regulated information includes information such as customer records in financial services and Patient Health Information (PHI) in healthcare.

The findings paint a bleak picture of data security practices in SMBs and enterprises. Some additional conclusions:

  • 43% would share information if instructed to do so by management.
  • 37% would share information with a person specifically authorized to receive it.
  • 23% would share information if the potential benefit were high and the risk low.
  • 22% would share information if doing so would help them do their job more effectively.
  • 13% would share information if they thought doing so would help the recipient do their job more effectively.

This willingness to share sensitive information was common across industries, including financial services, education, healthcare, and the Federal Government.

This risky behavior is taking place despite the prevalence of data security training in many organizations. In a great stroke of irony, employees who had received training in data security practices were slightly more likely than others to share data in unauthorized ways. We surmise that this is at least in part owing to the fact that those employees who routinely work with sensitive data are more likely to have received training.

Data Security Risks: Not Just What But How

Another concern raised by the survey is how employees handle sensitive data.

Nearly half of employees surveyed have used their personal email accounts for business communications, and are storing and sharing their work through public-cloud services such as Dropbox and Google Drive. (For more about the risks of using personal accounts hosted by Yahoo! or AOL, see our blog post, Data Security Lessons from the Trump White House.)

The use of personal devices and consumer applications, – often referred to as  Shadow IT – to hold and share regulated information, is considered a compliance violation in many industries as the content is moved outside of an IT department’s oversight and control. And yet, the survey shows it’s common practice.

Trend: Employees Prefer Productivity to Data Security

The primary motivation for these dangerous operational shortcuts and end runs around security measures is simply employees wanting to do their jobs efficiently. Employees want to be productive.

According to the survey:

  • 76% feel that their organization prioritizes security over productivity, making their jobs more difficult than necessary.
  • 65% agree it is their responsibility to protect confidential data; yet,
  • 24% reported engaging in unsafe behavior because they just wanted to do their jobs.

The fact that employees are knowingly circumventing security measures in order to work more efficiently, particularly at a time when data breaches are becoming more common and pernicious, is troubling, to say the least.

How kiteworks by Accellion Can Help

This survey paints a stark portrait of modern data security in spite of state-of-the-art security tools and extensive training.

What can organizations do to address these risks?

Implementing a secure content collaboration solution that builds security into everyday content sharing, but is also intuitive and easy to use, is a critical first step.

The Accellion kiteworks content collaboration platform integrates with the systems that employees are already using to store files—including Microsoft SharePoint, Office 365, OpenText, Box, Dropbox, and many others. By using kiteworks to access, edit, share and collaborate on regulated information, organizations gain a critical layer of data security and control as content accessed from any location, and from any device. Some of the important security features available with Accellion kiteworks include:

  • View-only access rights to prevent content from being copied, forwarded, or tampered with
  • Integration with leading DLP products to ensure compliance with data protection policies
  • Secure containers on mobile devices, shielding data from unauthorized access
  • Enforcement of security policies for content stored in ECM platforms and public-cloud services
  • Encryption of data in transit and at rest
  • Auditing and reporting capabilities to monitor content-sharing and demonstrate compliance

At the same time that Accellion kiteworks protects regulated information, it also provides an intuitive, easy-to-use interface, reducing the risk of employees circumventing security controls in the name of productivity. Accellion kiteworks usability features include:

  • Unified access to all enterprise content stored in on-prem and cloud-based systems
  • An Outlook plug-in that makes it easy for employees to access and send attachments within leaving their mail client
  • Microsoft Office 365 integration to create, edit, and save Microsoft files without having to duplicate files
  • Comprehensive full-text search across all content systems
  • Versioning and threaded discussions, enabling collaborators to understand which file is current how it has changed

Accellion kiteworks enables organizations to extend their existing applications, content, and workflows, to enable users inside the enterprise to securely collaborate with the external world while maintaining complete control and visibility to achieve compliance.

To learn more about the kiteworks secure content collaboration platform and how it helps employees work securely and be productive, please contact us.