Dell recently commissioned Dimensional Research to look into the data security habits of over 2,600 professionals in eight countries, including the United States and Canada. Although participants worked for organizations with 250 employees or more – squarely in the 'midsized' part of the small and midsized business (SMB) category – their attitudes are cause for alarm at businesses of all sizes, regardless of headcount.
Seventy-two percent of respondents admitted that they would be willing to share confidential, regulated and otherwise sensitive information under certain circumstances. Why would employees risk it?
The pressures of the job are one reason. Forty-three percent said they would share sensitive information if directed to do so by management.
Some would share the information if they deemed the potential benefit outweighed the risk (23 percent) while others said it would help them perform their jobs in a more effectively (22 percent) or help the recipients do the same (13 percent).
Thirty-seven percent said they would support giving the information with those who are specifically authorized. On the surface, some of these scenarios don't seem too awful, particularly those that involve colleagues. Indeed, there are often legitimate reasons for sharing sensitive information.
But as the report points out, cybercriminals often pose as a fellow coworker or trusted partner to scam well-meaning workers out of sensitive data.
More (Bad) Data Habits
Many workers admitted to connecting to public Wi-Fi networks to access confidential information (46 percent) and nearly half (49 percent) said they use personal email accounts on the job. Seventeen percent admitted to losing an employer-issued device.
Those figures are slightly worse among employees at highly-regulated businesses. Forty-eight percent use public Wi-Fi while accessing confidential information and 52 percent use personal accounts to trade sensitive information. More than a fifth (21 percent) of such workers said they lost a device issued to them by their employer.
Making matters worse, the report notes that the smaller an organization is, the worse those figures get.
In a sense, many business leaders are sacrificing security for productivity, however unwittingly. "According to the Dell End-User Security Survey, employees at SMB organizations are more likely to engage in 'unsafe' behaviors than those in larger organizations, and more than three in four employees (76 percent) feel their company prioritizes security at the expense of employee productivity," Brett Hansen, vice president of Endpoint Data Security and Management at Dell, told Small Business Computing.
Luckily, business leaders have a lot influence on their workforces, which can translate into tighter security. "To instill a culture that values data security, it needs to start from the top and have buy in from executives," Hansen added. "Employees need to be educated about their role in privacy and security, as well as the importance of protecting sensitive and critical data."
In addition to establishing a culture that values data security, businesses should enlist technology to help with the cause.
"SMBs also need to deploy security solutions that protects their critical data without hampering productivity. The combination of executive buy-in and awareness, employee education and the use of robust security solutions will go a long way towards fostering a culture of data security," said Hansen.
And here are a couple more findings for business owners who don't have enough worries to keep them up at night.
"Perhaps one of the most shocking findings is that more than one in three employees (35 percent) say it's common to take corporate information with them when leaving a company," states the report. Three percent said they engage in unsafe behaviors with malicious intent.