BreachExchange mailing list archives
Your Employees Don't Care About Data Security. Here's Why
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 7 Mar 2014 13:09:25 -0700
http://www.businessnewsdaily.com/6035-why-employees-ignore-mobile-data-security.html While you may view data security as a top priority, your employees don't. A new study by the Absolute Software Corp. revealed that many employees take a relaxed attitude toward ensuring the mobile devices they use for work are secure, despite the negative consequences that come when the data on them is lost or stolen. The research shows that while data breaches can cost organizations millions of dollars in penalties, nearly two-thirds of employees who use a mobile device think the corporate data stored on them is worth only $500 or less. Additionally, a quarter of those surveyed believe employees shouldn't face any punishment for losing or leaking corporate information, since data security is not their responsibility. Among those who do feel punishment is order, the majority think having to replace the device on their own or getting lectured about the incident are appropriate penalties. [5 Signs It's Time to Fire an Employee] The study also discovered that numerous employees have no clue what to do if they lose their mobile device or even if their company has a plan on how they should handle such situations. More than 20 percent did not know their company's procedure for dealing with a lost or stolen work device, while 10 percent indicated that their employer is not looking to introduce a procedure for the loss or theft of mobile devices. "If firms don't set clear policies that reflect the priority of corporate data security, they can't expect employees to make it a priority on their own," said Tim Williams, mobile enterprise data expert and director of product management at Absolute Software. Even those employees who have had smartphones stolen or lost don't take security very seriously. The research found that 35 percent of those who had lost their mobile phones did not change their security habits afterwards. Williams said the lax attitude of workers toward securing mobile devices and the data they contain places businesses and their sensitive data in a vulnerable position. "The data may be carried around in the employee's pocket, but the half-million-dollar fines we've seen levied due to data loss come out of the company's pocket," he said. "Clear policies, properly articulated to employees, will ensure that the entire company, not just IT, unites against mobile data loss." The study was based on surveys of 750 U.S. employees who have a mobile phone for work purposes.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Your Employees Don't Care About Data Security. Here's Why Audrey McNeil (Mar 17)