Your Employees Don't Care About Data Security. Here's Why

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.businessnewsdaily.com/6035-why-employees-ignore-mobile-data-security.html

While you may view data security as a top priority, your employees don't.

A new study by the Absolute Software Corp. revealed that many employees
take a relaxed attitude toward ensuring the mobile devices they use for
work are secure, despite the negative consequences that come when the data
on them is lost or stolen. The research shows that while data breaches can
cost organizations millions of dollars in penalties, nearly two-thirds of
employees who use a mobile device think the corporate data stored on them
is worth only $500 or less.

Additionally, a quarter of those surveyed believe employees shouldn't face
any punishment for losing or leaking corporate information, since data
security is not their responsibility. Among those who do feel punishment is
order, the majority think having to replace the device on their own or
getting lectured about the incident are appropriate penalties. [5 Signs
It's Time to Fire an Employee]

The study also discovered that numerous employees have no clue what to do
if they lose their mobile device or even if their company has a plan on how
they should handle such situations. More than 20 percent did not know their
company's procedure for dealing with a lost or stolen work device, while 10
percent indicated that their employer is not looking to introduce a
procedure for the loss or theft of mobile devices.

"If firms don't set clear policies that reflect the priority of corporate
data security, they can't expect employees to make it a priority on their
own," said Tim Williams, mobile enterprise data expert and director of
product management at Absolute Software.

Even those employees who have had smartphones stolen or lost don't take
security very seriously. The research found that 35 percent of those who
had lost their mobile phones did not change their security habits
afterwards.

Williams said the lax attitude of workers toward securing mobile devices
and the data they contain places businesses and their sensitive data in a
vulnerable position.

"The data may be carried around in the employee's pocket, but the
half-million-dollar fines we've seen levied due to data loss come out of
the company's pocket," he said. "Clear policies, properly articulated to
employees, will ensure that the entire company, not just IT, unites against
mobile data loss."

The study was based on surveys of 750 U.S. employees who have a mobile
phone for work purposes.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!