72% of employees willing to share sensitive, confidential or regulated company info: survey

Nearly three in four (72% of) employees across eight countries, including Canada, are willing to share sensitive, confidential or regulated company information, according to a recent survey from computer technology company Dell.

Late last week, Dell released the results of its Dell End-User Security Survey, which found that not only are many employees likely to share confidential information, they are doing so without proper data security protocols in place or in mind.

Dimensional Research conducted an online survey commissioned by Dell Data Security comprising of 2,608 professionals that personally have access to and work with confidential, sensitive or regulated data and information at companies with more than 250 employees, Dell explained in a press release. Participants were surveyed across eight countries, including Australia, Canada, France, Germany, India, Japan, the United Kingdom and the United States.

The survey found that nearly three in four employees said that they would share sensitive, confidential or regulated company information under certain circumstances for a variety of reasons, including:

• Being directed to do so by management (43%);
• Sharing with a person authorized to receive it (37%);
• Determining that the risk to their company is very low and the potential benefit of sharing information is high (23%);
• Believing it will help them do their job more effectively (22%); and
• Believing it will help the recipient do their job more effectively (13%).

In particular, four in five employees in financial services (81%) would share confidential information, and employees in education (75%), healthcare (68%) and federal government (68%) are also open to disclosing confidential or regulated data at “alarmingly high rates,” the release pointed out.

“When security becomes a case-by-case judgement call being made by the individual employee, there is no consistency or efficacy,” said Brett Hansen, vice president of endpoint data security and management at Dell. “These findings suggest employees need to be better educated about data security best practices, and companies must put procedures in place that focus first and foremost on securing data while maintaining productivity.”

When employees handle confidential data, they often do so insecurely by accessing, sharing and storing the data in unsafe ways, the survey also found. For example, 24% of respondents indicated that they do so to “get their job done” and 18% said they did not know they were doing something unsafe. Only 3% admitted malicious intentions when conducting unsafe behaviors.

Other unsafe behaviours reported in the study:

• 45% of employees admit to engaging in “unsafe behaviours” throughout the work day – these behaviours included connecting to public Wi-Fi to access confidential information (46%), using personal email accounts for work (49%), or losing a company-issued device (17%);
• One in three employees (35%) said it is common to take corporate information with them when leaving a company;
• Employees take on unnecessary risk when storing and sharing their work, with 56% using public cloud services such as Dropbox, Google Drive, iCloud and others to share or back-up their work; and
• Forty-five percent of employees will use email to share confidential files with third-party vendors or consultants.

Employees struggle with cybersecurity in the workplace because they do not want to see their company suffer a data breach, the release said, but they also struggle with the limitations security programs can put on their day-to-day activities and productivity. Nearly two in three employees (65%) felt that it is their responsibility to protect confidential information, including educating themselves on possible risks and behaving in a way that protects their company, with 36% of employees feeling very confident in their knowledge of how to protect sensitive company information. Another 22% felt it is difficult to keep up with changing security guidelines and policies, and 22% said they are worried that someday they will do something by mistake and cause damage to their company.

The study also found that nearly two in three (63% of) employees are required to complete cybersecurity training on protecting sensitive data. However, of those who received training, 18% still conducted unsafe behavior “without realizing what they were doing was wrong, whereas 24% conducted unsafe behavior anyway in order to complete a task,” the release said.

“While every company has different security needs, this survey shows how important it is that all companies make an effort to better understand daily tasks and scenarios in which employees may share data in an unsafe way,” Hansen said. “Creating simple, clear policies that address these common scenarios in addition to deploying endpoint and data security solutions is vital in order to achieve that balance between protecting your data and empowering employees to be productive.”