By Nicholas Banks, Vice President EMEA and APAC, IronKey
Despite the ongoing challenges of information security, and the incessant threat of a data breach, many organisations are still failing to protect their intellectual property.
Educating users and executives is one of the most important things you can do to reduce your company’s vulnerability to an attack. Whilst it seems that IT departments are providing some of the necessary tools and putting some policies in place to ensure employees are keeping data secure, it would also appear that those at the top of the corporate ladder, are also increasingly likely to put confidential company information at risk.
The findings of new research by IronKey by Imation and Vanson Bourne highlighted that 44 percent of organisations believe a member of their senior management has lost a mobile device in the last year, whilst 39 percent say senior management had a device stolen. Even more concerning is that the vast majority (93 percent) of these devices contained work related data, including confidential emails (49 percent), confidential files or documents (38 percent), customer data (24 percent) and financial data (15 percent).
The survey also raised concerns over non-senior management employees, with 54 percent of organisations saying a non-senior management employee lost a device, and 49 percent reported a device stolen within the past year.
Senior management are naive when it comes to the full impact of data loss, and it is exactly those senior level execs that employees are looking to for education, and action, to prevent sensitive data falling into the wrong hands.
Cyber security liability is difficult to assign, but senior execs need to take more ownership and responsibility for data security. The Target breach in 2014 was well documented, and is a prime example of what can happen when senior execs are at the receiving end of a massive data breach with the CEO resorted to handing in his resignation, and the CIO being very swiftly replaced.
The ramifications of a data breach can be considerable, with thirty seven percent of the survey respondents aware of someone in their organisation having faced disciplinary action due to lost files or work data, and 32 percent were aware of an employee having lost their job as a result within the last year. It is clear that more must be done to manage the security of corporate data and to educate and protect employees from the repercussions of a data breach.
Education plays a crucial role in data security. Companies need to provision staff with the technologies and secure processes to work flexibly and securely, making certain they have the necessary policies in place to protect their assets. Data must be encrypted, passwords must be protected, and they must be confident that if a device is considered to be compromised, they can remotely lock it down, or initiate a self-destruct sequence to remove and protect the data.
With today’s mobile workforce the risks of a breach are only increasing and organisations need to ensure that data is secured at rest and on the move to avoid the risks associated with lost and stolen devices. In the survey, of those organisations who have, or plan to implement, a remote working or security policy, nearly a third (32 percent) do not specify that devices taken outside the office must be protected with either encryption or passwords. And a quarter (25 percent) does not specify that digital files taken outside the office must be protected with either encryption or passwords.
Employees need to be aware of the policies in place, but businesses need to enforce them and ensure they are straightforward enough not to hinder productivity or employees will look for opportunities to break the rules. In the instances where senior management are putting security measures in place, they still face significant resistance from employees who choose to ignore basic security rules. 67 percent of surveyed businesses are aware of employees breaking their organisation’s security rules to take work outside of the office. Businesses are also still failing to control how data leaves the office, with nearly half (48 percent) admitting that they cannot keep track of how employees take data with them, and 54 percent saying that data could be more adequately secured.
Education is crucial when it comes to information security, but senior execs need to practice what they preach to avoid falling foul to data loss. Those at the top are not exempt to security procedures and should be leading by example by implementing and enforcing data protection.