How widespread is the unsafe sharing of confidential data in the workplace? Dell answers that question with a commissioned global survey of 2,608 professionals who handle confidential data at companies with 250 or more employees.
tashka2000 / iStock / Getty Images Plus / Getty Images
The results of the Dell End User Security Survey are staggering. According to the survey, some 72 percent of employees are willing to share sensitive, confidential, or regulated company information, and they are doing so without proper data security protocols in place.
In most cases, their motives are not malicious—they are simply trying to do their jobs as efficiently and effectively as possible, according to the Dell End User Security Survey. Today’s workforce is caught between two imperatives: to be productive and efficient on the job and to secure company data. In order to address data security issues, companies must focus on educating employees and enacting policies and procedures that secure data wherever they go, without hindering employee productivity.
From an employee’s perspective, even from among individuals who have received cybersecurity training, there is much uncertainty about what entails authorized sharing of data. It is obvious to most employees that they should not e-mail a customer’s credit card information to anyone under any circumstance. However, many employees would share confidential product specifications if an employee’s manager tells him or her to do so.
As the Dell End User Security Survey reveals, there are a number of circumstances under which it makes sense to share confidential information in order to push business initiatives forward. The study shows that nearly three in four (72 percent) employees say they would share sensitive, confidential, or regulated company information under certain circumstances. The most cited circumstances include being directed to do so by management (43 percent); sharing with a person specifically authorized to receive it (37 percent); determining that the risk to their company is very low, and the potential benefit is high (23 percent); feeling it will help them do their job more effectively (22 percent); and feeling it will help the recipient do his or her job more effectively (13 percent).
From a vertical market standpoint, four in five employees in financial services (81 percent) would share confidential information, and employees in education (75 percent), health care (68 percent), and federal government (68 percent) are also open to disclosing confidential or regulated data at alarmingly high rates.
Another troubling issue uncovered by the Dell End User Security Survey is that when employees do share or interact with confidential data, they often do so insecurely. The survey indicates that 45 percent of employees across organizations admit to engaging in unsafe behaviors throughout the workday. These behaviors include connecting to public Wi-Fi to access confidential information (46 percent), using personal e-mail accounts for work (49 percent), or losing a company issued device (17 percent).Those in highly regulated organizations engage in unsafe behaviors at even higher rates: 48 percent say they have connected to public Wi-Fi to access confidential work information, more than half (52 percent) have used personal e-mail accounts for confidential work communications, and more than one in five (21 percent) have lost a company-issued work device. These numbers are even higher among employees of small to mid-size organizations.
The survey results also show that many companies lack comprehensive and consistent policies and procedures regarding data sharing. Perhaps one of the most shocking findings in the survey is that more than one in three employees (35 percent) responded that it is common to take corporate information with them when leaving a company.
The final takeaway from the survey is that many factors are contributing to unsafe data sharing. Not only are employees likely to share confidential information in the course of the workday, but companies need to focus on standardizing the process of when data should be shared and with whom, as well as how that data gets shared and what happens to it once an employee leaves the company.