In what can only be called a shocking revelation, the Dell End-User Security Survey about workplace security practices reveals some very unpleasant truths about ourselves. These includes data about how willing we are to share confidential information, how unsafe our daily habits have become, and how we use corporate devices for personal needs.
To begin with, no less than 72 percent of the survey’s respondents said that they would be willing to share confidential, sensitive or regulated company information under various circumstances. These circumstances range from helping the recipient of that information do their task in a more effective manner, to being asked to do so by management.
Next, 45 percent of respondents admit that they were engaging in unsafe security practices through their workday. From connecting to public Wi-Fi networks for confidential work, to using personal email for official purposes, to losing a company-issued work device, anywhere from 21 percent to 68 percent of employees across organizations have either engaged in such practices or do so on a regular basis.
Finally, 49 percent of employees across various organizations admitted that they were using corporate devices to connect to their personal social media accounts, with percentages varying between 26 percent in Far East Asia to as high as 75 percent in South Asia.
More Interesting (and Frightening) Workplace Security Statistics:
Four in five employees in financial services (81 percent) would share confidential information, and employees in education (75 percent), healthcare (68 percent) and federal government (68 percent) are also open to disclosing confidential or regulated data at alarmingly high rates
One in three employees (35 percent) say it is common to take corporate information with them when leaving a company
Employees take on unnecessary risk when storing and sharing their work, with 56 percent using public cloud services such as Dropbox, Google Drive, iCloud and others to share or back-up their work
But there’s also a positive side to this survey:
Nearly two in three employees (65 percent) feel it is their responsibility to protect confidential information, including educating themselves on possible risks and behaving in a way that protects their company
Thirty-six percent of employees feel very confident in their knowledge of how to protect sensitive company information
Brett Hansen, vice president of Endpoint Data Security and Management at Dell, says this:
“These findings suggest employees need to be better educated about data security best practices, and companies must put procedures in place that focus first and foremost on securing data while maintaining productivity.”
From all this data, one clear point emerges: there is often a significant amount of conflict between the need for security and the need for productivity. In simple terms, there is a need to achieve balance between protecting confidential data and getting the job done. The problem is, both are not always complementary to each other.
Another takeaway is the fact that not all employees consider the security of confidential company information to be sacred, or even that important to them, personally.
More importantly, the burden of keeping company information confidential falls not only on the employees, but the organizations themselves. The Dell End-User Security Survey clearly states that companies need to create simpler and clearer policies and implement security solutions across devices as well as user accounts, personal and official. Moreover, the survey also suggests that it is the organization that is responsible for putting multi-layer security infrastructure in place that does not affect workflows or productivity.
One thing is made amply clear from the Dell survey: companies need their employees to ‘buy in’ to the concept of corporate security before a robust solution can be implemented. Awareness, education and compliance are key, but employees also need to be empowered to effect security. Two out of three employees do feel that corporate security is important, but only one out of three are confident that they have the knowledge required to protect sensitive or regulatory data.
At the end of the day, it’s not about pointing fingers and putting the blame on the organization or its people: it’s about getting acceptance on security protocols, and then implementing that across the organization. And nothing short of a collaborative effort is going to make that happen.
Download the Dell End-User Security Survey Report 2017 here.