According to Dell today’s global workforce needs better cybersecurity savvy
Today’s global workforce is caught between a rock and a hard place when it comes to data security, according to the Dell End-User Security Survey, commissioned by Dell and conducted by Dimensional Research.
The rock: be productive and efficient on the job. The hard place: maintain the security of company data. At issue is employee sharing of confidential information without having proper data security protocols in place.
The survey was conducted across eight countries, from February 24 to March 9, 2017. It revealed disturbing trends such as:
- Nearly three in four employees (72 percent) are willing to share sensitive, confidential, or regulated company information.
- More than one in three employees say it’s common to take confidential corporate data when leaving the company.
- 76 percent of employees feel their company prioritizes security at the expense of employee productivity.
While there are circumstances under which it makes sense to share confidential information in order to move business initiatives forward, the survey shows that there is a lack of understanding in the workplace regarding data policies and how confidential data should be shared among professionals who work with such information on a regular basis. For example:
- 45% of employees admitted to engaging in “unsafe behaviors” throughout the workday that included connecting to public Wi-Fi to access confidential information (46%) and using personal email accounts for work (49%).
- Seventeen percent reported losing a company-issued device, while one in three employees (35%) say it is “common” to take corporate information with them when leaving a company.
- Employees also reported that they are aware of and support cybersecurity in the workplace because they do not want to see data breaches, but they also struggle with the limitations security programs can put on their day-to-day activities and productivity.
- Three in four employees admit that they would share sensitive, confidential or regulated company information under certain circumstances.
According to Brett Hansen, vice president of Endpoint Data Security and Management at Dell, “When security becomes a case-by-case judgement call being made by the individual employee, there is no consistency or efficacy. These findings suggest employees need to be better educated about data security best practices, and companies must put procedures in place that focus first and foremost on securing data while maintaining productivity.”
“Cybersecurity education needs to be an integral part of the workplace culture,” says Michael Kaiser, executive director, National Cyber Security Alliance. “It must be built around a practical, ongoing dialog in which employees are empowered and incentivized to speak up when they’re unsure about the implications of a decision. Cybersecurity education doesn’t mean hosting a one-time course or seminar; it means making security a collaborative, continuous cultural initiative.”
Cybersecurity is particularly important for HR processes and for employees working in human resources, as the majority of the data handled is of personal and confidential nature.
The issues are compounded when international and/or cross-borders aspects come into play: among many contributing factors, insecure global networks; different, sometimes conflicting regulations; language barriers; vulnerable online platforms operated by third-parties; combine to make it even harder to secure information systems against breaches or fraud.
However, management actions such as deploying adequate global guidelines; common cybersecurity tools; monitoring and enforcing safe computing practices by individual employees; nurturing cybersecurity-aware local workplace cultures; today probably will avert most cyber attacks. But the increasing sophistication of cyber-criminals may require more stringent measures in the future.