Dell recently conducted a survey involving 2,608 global professionals working for companies in the enterprise sector with 250 or more employees. The results of this survey are no less than shocking and should be of interest to any business that deals with secure private or corporate information.
These days, we trust corporations with our most private information. We trust Google to keep our search queries safe, prevent unwanted individuals from reading our email, and in some cases even to protect data that is essential to the daily operation of our businesses. We share our health information with cloud-based services that track our food and heart rate, our financial data with e-commerce sites, and so much more.
Phishing employees for company information
This security of our data is only as strong as the security of the company information to whom we trust that data. Quite often, large data breaches and other leaks of private data comes about as the result of phishing exhibitions from the outside. Hackers and other malicious individuals conning employees to share company information that helps them to infiltrate their networks.
Verizon released a report last year detailing how big of a threat phishing attempts are to enterprise security. Phishing is a type of social engineering in which someone talks someone else into giving up information they shouldn’t.
One way would be to call up a phone company and pretend to be a technician requesting data in the field. An unsuspecting employee might consider the request routine, handing over the information without much thought. That data, depending on its level of sensitivity, could then be used to gain access to even more sensitive information.
Another common practice is to send email to employees with links to spoof sites that fool them into filling out information that would normally be protected. As long as the site appears genuine, the employee may not even notice they’ve shared anything they shouldn’t have.
What Dell’s digging discovered
In Dell’s End-user Security Survey, 72% of employees stated they are willing to share sensitive, confidential or regulated company information under certain circumstances. These circumstances in which this information would be shared varied.
Among the 72% of employees that said they would share information, the reasons they gave for doing so included…
- being directed to do so by management (43%)
- sharing with a person authorized to receive it (37%)
- the risk is very low and the benefit high (23%)
- it will help them do their job more effectively (22%)
- it will help the recipient do their job more effectively (13%)
This survey uncovered a general lack of caution around sensitive corporate information. Acting as individuals, employees indicated they would take security shortcuts it if meant helping them do their job or if they felt the risk was worth the benefit of doing so.
This doesn’t mean that individuals are intentionally handing out corporate data for any malicious purpose. Rather, they are just trying to do their jobs more efficiently. Strict security procedures are often seen as a hindrance to efficiency.
A lot of unsafe practices
This data sharing isn’t just limited to direct sharing of corporate data. It also occurs in the form of unsafe practices. 45% of respondents admitted that they engage in practices most companies would forbid.
For example, 46% of these individuals indicated that they have connected to public Wi-Fi to access confidential information. Even with precautions like a VPN or secured remote access in place, connecting to publicly accessible Wi-Fi networks pose an increased risk.
Another 49% of these respondents shared that they use personal email accounts for work. This particular type of breach has made headlines in recent years as several high-profile United States government employees were discovered to have been conducting sensitive information on private email servers.
In January, security analysts were shocked to discover that the official Twitter account of the President of the United States was secured with a Gmail email account.
This survey shed light on how easy it is for well-meaning employees to play fast-and-loose with their company’s security policies. One can only hope that surveys like this one help IT professionals and business leaders research better ways of implementing these protocols – and of encouraging their employees to follow them.