Why employees are the biggest not-so-hidden threat to your business data
Which is the bigger security threat to your business; cyber criminals, or your own employees?
Increasingly that question is being answered with the latter – and research from EE out today has revealed that nearly 10 million devices were lost by UK employees last year.
The survey of 2000 UK consumers, conducted by Vision Critical in March, found that nearly one in five (19%) lost a device on a work night out, while a further 16% of devices continued their journey on public transport long after their owners had alighted.
Elsewhere, 12% of those polled said they had left a device in the back of a taxi, while one in 10 (9%) employees admitted to losing their device in a public toilet. Two thirds (63%) of devices lost were smartphones, compared to 21% of laptops – not the sort of thing which just falls out of one’s pocket – and 10% for tablets.
The research calculated that four non password-protected devices for every 10 people were lost – so multiplying the 0.4 devices per person with 24,453,900 – the approximate number of employees who have access to corporate data on their device (81% of 30.19m, the number of UK adults in employment), and you get an eye watering 9,781,560.
Here ends the maths lesson. But it’s an interesting piece of survey data, even if the calculations are an approximation – and more proof to the CEO about how dangerous their own employees could be when keeping company data under wraps.
Enterprise AppsTech has presided over several industry reports over the months, and a trend is certainly beginning to emerge. Earlier this month Morrisons suffered a data breach due to an employee, which was covered here. But it's deeper than that.
In July last year, a report from IT Governance revealed that for more than half of CIOs, the greatest threat to sensitive company data came from their own employees rather than external forces. A month earlier, a study from Check Point put the number at nearer two thirds.
Even more worryingly, one in four US enterprise workers claimed there should be no punishment for loss of company data as “data security [was] not their responsibility”, according to research from Absolute Software.
Worried? How about when the Royal Veterinary College broke the Data Protection Act back in October – as detailed by the Information Commissioner’s Office (ICO) – after an employee lost a camera with sensitive information of job applicants? With a nice line in irony, not six months earlier the ICO had released a report warning of a ‘laissez faire’ attitude amongst companies – fewer than three in 10 BYOD-friendly workers had been given appropriate guidance and contingency, according to the ICO.
It can cut both ways. In July last year Aruba Networks released a paper which detailed how employees don’t trust their employers with personal data. Ben Gibson, Aruba CMO, said at the time: “Employees resent the power their employers now wield over their personal data, but are equally concerned about keeping company data safe.”
The latter point can’t be underestimated. 94% of companies surveyed in the Check Point report admitted that lost and stolen data was a “grave concern.” So what can be done?
Wouldn’t you know it – EE is releasing a mobile device security product alongside its survey results. The operator is getting into bed with MobileIron to enhance its enterprise mobility play by unleashing the Super Secure 4GEE portfolio offering security for a wide range and size of companies.
There are three levels – from starter, providing basic email, Wi-Fi and MDM, to enterprise providing more advanced MAM and functionality across IT systems, and regulated for companies with the most secure data – legal, financial and government. There’s also an SME version, in partnership with MobileIron.
Of course, other enterprise mobility management vendors are available and the importance of mobility management, from the device to apps and content, cannot be understated.
But don’t forget to educate your employees, even if they don’t like the admin – which they won’t – and offer continual feedback and dialogue to avoid playing a messy and expensive blame game later on.
- » The process of appointing a CIO – and how to get the best results
- » Report notes disparity between CIO and IT on organisational innovation
- » Why in enterprise apps you don’t have users but ‘internal customers’
- » AppConfig Community launches Android best practices
- » Enterprise mobile security: A proactive approach to protecting data