IT disaster recovery, cloud computing and information security news

More than 90 percent of employees violate information security policies

Details

Companies are increasing technology investments to protect against external data breaches, but employees pose a bigger threat than hackers according to CEB; to mitigate the rising costs of breaches, organizations need to reduce the burden of complying with privacy policies.

Due to the advent of cloud-based productivity tools and the increase in collaboration between employees, more data is changing hands and leaving company-controlled networks than ever before. In fact, almost two-thirds of employees report regularly using personal technologies for work, primarily for the sake of convenience. For example, sending a file from their company computer to a personal email account to work while they are not in the office.

In choosing convenience and productivity over security, employees put sensitive data at risk – and the costs are significant. The average Fortune 1000 company already spends more than $400,000 notifying customers and employees of privacy failures each year, and that's only for the failures that are reported. 45 percent of internal privacy failures are caused by intentional but non-malicious employee actions.

To manage employee actions that jeopardize data privacy and mitigate associated costs, organizations must do two key things says CEB:

  • Avoid collecting unnecessary data: the simplest way to protect sensitive data is not to have it in the first place. But companies, drawn by big data's tantalizing promises, often collect too much information or worse, keep data long after its usefulness has passed. There's a difference between big data and ‘lots of data’, and organizations need to constantly evaluate how they use data and set guidelines on what they collect and store.
  • Build privacy into business workflows to make it easier for employees to comply with requirements: the biggest reason why employees choose not to follow required procedures is the level of burden they perceive. To lower that burden, leaders should start by prioritizing processes that handle the most data and data that is most sensitive. Leaders should also identify and address stress points in the employee lifecycle where noncompliance is most likely, such as gaps in leadership or changes in workload, and intervene with information, direction and support for employees before or during these times.

www.cebglobal.com


Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

The Hunt for Hidden Risks
The BIA Guide

Additional Resources

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.