Security Experts:

Workers Don't Trust Employers with Personal Data: Survey

A new report from Aruba Networks has outlined a clear disparity between what employees want and what the IT department needs, particularly when it comes to the blending of personal and work-related information.

The report, ‘Employees Tell the Truth About Your Company’s Data’, found that of the 3,000 employees surveyed globally, 45-percent of European workers and 66-percent of Americans fear the loss of personal data due to their workplace. These concerns were also shared by 40-percent of those who live and work in the Middle East.

Further, 51-percent of the Americans, backed by 34-percent of the Europeans and 35-percent of the Middle Easterners noted that their IT department has taken no steps to ensure the security of corporate files and apps on their personal devices. These concerns, the study notes, are leading many employees to keep their personal devices away from IT, which creates a problem in and of itself.

Around 1-in-6 employees have not told their IT department that they’re using personal devices for work, again opening the attack surface to larger proportions and adding to the organization’s risk profile – not to mention many of those employees are likely breaking policy, which is near impossible to enforce in many cases.

Making things worse is the note that many employees said that they wouldn’t tell IT if their personal device was compromised, even if the breach led to the loss of corporate information. This reticence is driven by negative perceptions of corporate IT departments, particularly what the IT team might do with the employee’s personal device and data.

“The research from both sides of the Atlantic shows that employees and IT departments are gambling with data security, but chance isn’t the only factor. In short, employees resent the power their employers now wield over their personal data, but are equally unconcerned about keeping company data safe,” Ben Gibson, Chief Marketing Officer of Aruba Networks, said in a statement.

“We are now well beyond the point of discussing Bring Your Own Device as something on the horizon. It is a reality across the world and businesses need to adopt solutions that give their employees greater privacy for their personal data as well as exert greater network controls to ensure that sensitive information is not leaked, without disrupting the user experience.”

The full report is available online in PDF format.

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.