Employees don’t understand the value of the business data they’re handling, which is putting their organisations at risk of security breaches.
That’s according to newly released research by Fujitsu that suggests that only seven per cent of employees rate their business’s data as more important than their own personal data when it comes to safeguarding it.
The report warns that over half of employees (52 per cent) value their own personal data more than their work data. Forty-three per cent suggested that they don’t have any idea as to the value of their business’s data.
Moreover, Fujitsu’s data suggests that a third of employees are more concerned about losing their personal data than they are about losing business data, while 89 per cent suggest they trust security of their personal emails more than their business accounts.
The statistics are worrying, especially as cyber attacks and data breaches are becoming more and more common. For example, it was recently revealed that all of the UK’s major banks and lenders have reported data breaches in the past two years.
“With one in three employees agreeing that they worry more about losing personal data than business data organisations have a challenge on their hands,” said Andy Herrington, head of cyber professional services at Fujitsu.
Herrington argued that education about the value of business data is the best way to safeguard against it being lost or compromised.
“While there is no quick fix in changing these perceptions the process needs to start with the people,” he said.
“Educating employees about the value of – and how to protect – their own personal data is a great starting point and businesses will see this data-safeguarding attitude trickle through the business, helping employees become part of the threat defence,” Herrington added.
Robert Arandjelovic, director of security strategy EMEA at Blue Coat Systems, added that “identity theft is no longer just about stealing identities”, rather it is used for social engineering in order to prepare for large-scale cyber attacks.
“This allows attackers to assume the identity of key individuals to access corporate networks and take sensitive information,” he said.
“The wealth of personal information on social media accelerates the speed of information gathering and makes social engineering easier,” Arandjelovic continued, warning that “employees should treat social media as cautiously as they treat unsolicited phone calls or emails” because of the risk of sophisticated phishing attacks.
“To combat this change, businesses should seek to strike a balance between technology and educating employees on the risks of social media,” he concluded.
However, while management in most organisations is becoming increasingly mindful of security risks, there is no such thing as absolute security.
Speaking recently in London, Admiral Mike Rogers, director of the National Security Agency and head of United States Cyber Command warned that “it is not about if you will be penetrated, but when”.
Computing‘s Identity and Access Management 2015 Summit will take place on 15 October. Go to www.computingsummit.com/identityandaccess for details