More than 90 percent of employees violate policies designed to prevent data breaches. New research from CEB says that employees pose a bigger threat than hackers even though companies are increasing technology investments to protect against external data breaches.
More data is changing hands and leaving company-controlled networks than ever before. Almost two-thirds of employees report regularly using personal technologies for work, mainly for convenience.
When convenience and productivity are chosen over security, employees put sensitive data at risk, resulting in high costs. Forty-five percent of internal privacy failures are caused by intentional but non-malicious employee actions.
To manage employee behaviours that jeopardise data privacy and mitigate relevant costs, organisations must avoid collecting unnecessary data and build privacy into business workflows to make it easier for employees to comply with requirements.
“Investing in technology to improve security is essential; however, organisations also need to ensure that employees are doing their part to protect sensitive information,” said Brian Lee, data privacy practice leader at CEB.
“Employees will often work around controls – especially ones they feel are onerous – as a way to make their job easier. This ‘rationalised non-compliance’ can not only increase privacy risks, but even jeopardise corporate strategy and ultimately growth. Establishing a more balanced approach to information governance – one that complements technological controls with prudent and relevant privacy policies that employees can easily follow – will allow companies to effectively use the information they collect and protect against a damaging data breach,” concludes Lee.