A new survey by Dimensional Research finds that 72% of employees are willing to share “sensitive, confidential, or regulated company information.” Regulated information includes information such as customer records in financial services and Patient Health Information (PHI) in healthcare.
The findings paint a bleak picture of data security practices in SMBs and enterprises. Some additional conclusions:
This willingness to share sensitive information was common across industries, including financial services, education, healthcare, and the Federal Government.
This risky behavior is taking place despite the prevalence of data security training in many organizations. In a great stroke of irony, employees who had received training in data security practices were slightly more likely than others to share data in unauthorized ways. We surmise that this is at least in part owing to the fact that those employees who routinely work with sensitive data are more likely to have received training.
Data Security Risks: Not Just What But How
Another concern raised by the survey is how employees handle sensitive data.
Nearly half of employees surveyed have used their personal email accounts for business communications, and are storing and sharing their work through public-cloud services such as Dropbox and Google Drive. (For more about the risks of using personal accounts hosted by Yahoo! or AOL, see our blog post, Data Security Lessons from the Trump White House.)
The use of personal devices and consumer applications, – often referred to as Shadow IT – to hold and share regulated information, is considered a compliance violation in many industries as the content is moved outside of an IT department’s oversight and control. And yet, the survey shows it’s common practice.
Trend: Employees Prefer Productivity to Data Security
The primary motivation for these dangerous operational shortcuts and end runs around security measures is simply employees wanting to do their jobs efficiently. Employees want to be productive.
According to the survey:
The fact that employees are knowingly circumventing security measures in order to work more efficiently, particularly at a time when data breaches are becoming more common and pernicious, is troubling, to say the least.
How kiteworks by Accellion Can Help
This survey paints a stark portrait of modern data security in spite of state-of-the-art security tools and extensive training.
What can organizations do to address these risks?
Implementing a secure content collaboration solution that builds security into everyday content sharing, but is also intuitive and easy to use, is a critical first step.
The Accellion kiteworks content collaboration platform integrates with the systems that employees are already using to store files—including Microsoft SharePoint, Office 365, OpenText, Box, Dropbox, and many others. By using kiteworks to access, edit, share and collaborate on regulated information, organizations gain a critical layer of data security and control as content accessed from any location, and from any device. Some of the important security features available with Accellion kiteworks include:
At the same time that Accellion kiteworks protects regulated information, it also provides an intuitive, easy-to-use interface, reducing the risk of employees circumventing security controls in the name of productivity. Accellion kiteworks usability features include:
Accellion kiteworks enables organizations to extend their existing applications, content, and workflows, to enable users inside the enterprise to securely collaborate with the external world while maintaining complete control and visibility to achieve compliance.
To learn more about the kiteworks secure content collaboration platform and how it helps employees work securely and be productive, please contact us.