SecurityWeek

Senior Managers Account for Greatest Information Security Risks: Survey

As organizations search for solutions to protect their networks, data centers, and computer systems, an unexpected threat may be lurking under the surface—senior management.

According to a national survey of 764 information workers, 87 percent of senior managers frequently or occasionally send corporate data to a personal email or cloud account to work remotely, putting that information at a higher risk of being breached.

The survey also found that 58 percent of senior management reported having accidentally sent the wrong person sensitive information, compared to just 25 percent of workers overall.

The survey, released by global investigations, intelligence, and risk services company Stroz Friedberg, found that just 35 percent of respondents said they received regular training and communications on mobile device security from their employers. Additionally, just 37 percent of employees said they received training on social media use, and 42 percent said they received information sharing training.

Corporate managers also put their companies at risk of intellectual property loss if and when they depart the company, the survey found. Fifty-one percent of senior management and 37 percent of mid-level management admitted to taking job-related emails, files, or materials with them when they have left past employers. Only one-fifth of lower ranking employees said they have done so.

“Insiders are by far the biggest risk to the security of a company’s sensitive information, whether it’s a careless executive or a disgruntled employee. When information is compromised, a company’s reputation, customer base, and share price may suffer,” said Michael Patsalos-Fox, CEO of Stroz Friedberg. “Our inaugural information security survey demonstrates that companies need to address high-risk security behaviors within the workplace at all levels with a proactive risk mitigation plan.”

Interestingly, the survey found that overall senior leaders believe their own security efforts are inadequate, as almost half (45 percent) acknowledged that the C-suite and senior leadership themselves are responsible for protecting their companies against cyber-attacks. However, 52 percent of this same group indicated they are falling down on the job, rating corporate America’s ability to respond to cyber-threats at a “C” grade or lower.

The survey also found that rank-and-file workers differ in their opinions about cyber security accountability, with 54 percent of those respondents saying IT professionals are responsible for putting the right safeguards in place.

“The C-suite is responsible for making the right security investment decisions, but beyond that, leadership needs to create a culture in which all employees recognize their own responsibility for keeping information secure,” said Eric Friedberg, Executive Chairman of Stroz Friedberg. “Companies that are proactive in both measures are the most successful in combating and recovering quickly from a cyber attack.”

Risks of BYOD and Cloud Services

The trends of bring-your-own-device (BYOD) and the use of personal online accounts have become prevalent, as workers use their personal smartphones, tablets, and preferred cloud providers to stay productive while at work and out of the office.

Seventy-one percent of survey respondents admitted to frequently or occasionally sending materials to a personal email account or uploading materials to a personal cloud account. For those who admitted doing so, the reason cited most often (37 percent) was that they preferred to use their personal computer over their work computer, while 14 percent said it was “too much effort” to bring their work laptop home with them.

“Because employees use their personal smartphones and other powerful technology increasingly in the workplace, it is crucial for companies to update their technology use policies and training programs,” said Ed Stroz, Executive Chairman of Stroz Friedberg. “Training, along with effective policies and ensuring compliance, are a company’s best lines of defense against insider information security threats. It’s an important part of a holistic security approach that recognizes the interdependency of technical and physical security.”

The 2013 Stroz Friedberg “On the Pulse: Information Security Risk in American Business” survey polled 764 information workers who use a computer for their job between October 28 and November 4, 2013. The survey was conducted by KRC Research, an independent research firm. Respondents worked for companies with more than 20 employees.
