Despite investments in secure tools, employees confess they still don’t always handle sensitive data properly
San Francisco, Calif. — RSA Conference; Biscom Booth #4334 — April 17, 2018 — A new survey commissioned by Biscom, a leading provider of enterprise secure document delivery and fax solutions, reveals that despite companies’ investments in data security tools, employees’ continued use of email to send information continues to be a major source of data loss.
The survey polled more than 600 U.S. employees whose companies have data security policies and tools in place, and need to share sensitive data. Participants included associate level to C-Suite executives in 20 industries, including healthcare, financial services, and information technology. The survey measured the behaviors and motivations of complying with company data security policies and the use of secure tools to share sensitive data, information, and documents.
Companies are trying
Today, companies are continually battling against gaps in cybersecurity, and implementing tools and processes to build more secure environments. With 98% of respondents stating that their company cares about data security, and 93% reporting that their company proactively invests in keeping data safe, a majority of employees understand that their companies are heavily invested in securing company data.
Specifically, 95% report that their company provides secure information tools, and 85% say their company has policies about sharing, delivering, and stealing data, documents, and information. Additionally, 88% of respondents reported their company trains employees on properly using secure methods of information sharing and delivery.
Employees aren’t complying
Respondents consistently reported using insecure methods to transfer data in and out of their companies. Specifically, while 78% of respondents say they understand and agree with their company’s security policies, an overwhelming number of respondents reported insecurely sharing information both internally with their colleagues (74%) and with people outside of their organization (60%).
When asked why they didn’t use company tools or comply with company policies, respondents agreed complexity was the biggest challenge. In fact, when deciding how to send sensitive documents, 60% said they simply do what’s easiest, and 70% admitted to using email.
The study also uncovered interesting generational gaps. While millennials admitted to simply being too lazy to follow company policies (17%) and were three times more likely to default to email, older generations expressed simply not caring. Those over 35 are 26% more likely to use insecure methods when transferring information. They are also 20% more likely than millennials to know they’re sending sensitive information insecurely, but choose to do it anyway. And although more than 90% of those over 35 say they understand their company’s security rules and think the rules are valid, they are 10% more likely than millennials to ignore them.
The data loss is significant
Alarmingly, the survey found that nearly any and all types of data are at risk of being breached. Of those who reported insecurely sharing data, confidential information and data that is protected by regulations were some of the most widely shared.
- Among those who share data via insecure email internally, information includes customer data (62%), strategy documents or presentations (46%), company business or financial data (45%), and regulated data such as medical or financial information (43%).
- Among those who share data via insecure email outside of their company, half reported sharing customer data, 49% insecurely share highly regulated data like medical or financial information, with other information including strategy documents or presentations (35%), and intellectual property like source code or patent filings (29%).
“The survey’s results uncover some interesting factors that contribute to non-compliance,” said Bill Ho, CEO of Biscom. “It would surprise most companies who have made major investments in security that so many people just fall back to the easiest method, namely sending confidential messages and files through email.”
The trouble lies in the inbox
Additionally, the data uncovered 35% of employees find using tools that do not integrate well into their existing systems as a challenge. Moreover, email reigned supreme, with nearly 3 in 4 employees reporting insecure email as their method of choice to send sensitive data, information, and documents — more than twice as likely than any other method, including company secured secure file transfer solutions, and cloud-based sync and share tools. In fact, the preference to use email is so strong, 40% of employees reported knowing email is not secure, but among that group, 50% choose to send sensitive data and information via email anyway.
How companies can improve
The good news is employees are willing to adapt if companies make a few adjustments. The survey revealed that employees would change their behavior if they were being more closely monitored by IT. Reasons included if IT monitored employees’ real-time activities (80%), if IT received notifications of suspicious activity (78%), and if IT monitored with whom they shared data.
Understanding employees’ behavior and their pain points help curb the chances of data leaks right from the start. While investments in security measures will always be necessary, companies can meet their employees in the middle by implementing tools that are simple to use, easily integrate with existing systems like email, and are capable of tracking for data gathering, and data loss prevention.
Biscom offers secure document delivery solutions through its secure file transfer (SFT), enterprise file synchronization and sharing (EFSS), and secure enterprise fax solutions for highly regulated industries. As the leading provider of secure communications and document delivery solutions, Biscom is proud to work with some of the world’s largest organizations. A testament to its dedication to customers, Biscom was recognized as a finalist by SC Magazine for Best Customer Service in 2016, and as a winner for outstanding customer service by the 2018 Stevie Awards.
As the leading provider of secure document transfer solutions for highly regulated industries such as healthcare, government, legal, and financial services, Biscom continues to spearhead data security with its enterprise fax products, secure file transfer solutions, and collaboration tools. Biscom uses its thirty years of experience to help some of the world’s largest organizations securely transmit and share information, keeping confidential data protected. Biscom leads the industry in innovation and outstanding customer support. Learn more at https://www.biscom.com.