More than 90 percent of employees violate information security policies
- Published: Tuesday, 08 November 2016 10:31
Companies are increasing technology investments to protect against external data breaches, but employees pose a bigger threat than hackers, according to CEB; to mitigate the rising costs of breaches, organizations need to reduce the burden of complying with privacy policies.
Due to the advent of cloud-based productivity tools and the increase in collaboration between employees, more data is changing hands and leaving company-controlled networks than ever before. In fact, almost two-thirds of employees report regularly using personal technologies for work, primarily for the sake of convenience. For example, they send a file from their company computer to a personal email account so they can work while they are not in the office.
In choosing convenience and productivity over security, employees put sensitive data at risk – and the costs are significant. The average Fortune 1000 company already spends more than $400,000 notifying customers and employees of privacy failures each year, and that's only for the failures that are reported. 45 percent of internal privacy failures are caused by intentional but non-malicious employee actions.
To manage employee actions that jeopardize data privacy and mitigate associated costs, organizations must do two key things, says CEB:
- Avoid collecting unnecessary data: the simplest way to protect sensitive data is not to have it in the first place. But companies, drawn by big data's tantalizing promises, often collect too much information or, worse, keep data long after its usefulness has passed. There's a difference between big data and ‘lots of data’, and organizations need to constantly evaluate how they use data and set guidelines on what they collect and store.
- Build privacy into business workflows to make it easier for employees to comply with requirements: the biggest reason why employees choose not to follow required procedures is the level of burden they perceive. To lower that burden, leaders should start by prioritizing processes that handle the most data and data that is most sensitive. Leaders should also identify and address stress points in the employee lifecycle where noncompliance is most likely, such as gaps in leadership or changes in workload, and intervene with information, direction and support for employees before or during these times.