Inadequate security requirements in the office
Security requirements are actually insignificant when companies are increasingly arming themselves against cybercrime and external attacks, but employees pay comparatively little attention to internal data security. Employees share information in the public cloud or forget printed pages in the printer tray, according to a recent study by Sharp Business Systems in collaboration with the market research institute Censuswide.
Summertime isn't the only time security policies go awry. For example, a quarter (25 percent) of respondents admitted to storing work information in the publicly accessible cloud, knowingly violating company policies. Of those employees who do this, just under a third (29 percent) are from HR.
This is especially tricky when it comes to personal data: Using unsecured cloud services exposes personal information about employees and job applicants to high risk. 27 percent of German study participants also use public file sharing services without their employer's consent. A full 40 percent even admitted to deliberately ignoring company guidelines and regularly taking work documents home with them.
Hardware as a risk factor
Complicated or outdated hardware in companies can further encourage security risks. For example, 40 percent of respondents prefer to use their own laptops or mobile devices for work because they are newer and easier to use. The study participants from the Millenials generation in particular were able to confirm this for themselves - more than half of them (51 percent) prefer to use private devices at work that do not guarantee high security standards.
The security-critical behavior affects digital information as well as paper documents: More than half (54 percent) of office employees regularly experience colleagues printing out documents and then forgetting them in the printer tray. The risk of confidential information being viewed by unauthorized persons increases many times over.
Employer responsibility
For Dr Karen Renaud, an expert in cybersecurity and data protection at the University of Glasgow, it is clear that companies need to better support their employees: "As long as companies unreservedly tolerate or even unwittingly encourage the risky behaviour of their employees, for example by providing poor alternatives to public cloud services, complete data security can never be guaranteed. If companies offer flexible working models - such as home office - they must also provide employees with appropriate means of protecting confidential information, such as an in-house VPN connection."
At the latest when the new EU data protection regulation comes into force in May 2018, companies can be prosecuted with heavy fines for violating data protection guidelines. The creation of binding internal guidelines and the provision of adequate solutions for employees must therefore be given high priority.
Further information on the Sharp study can be found at this Link
