Careless Employees Cause Data Breaches at Businesses

Nearly three-quarters (72 percent) of organizations are not confident in their ability to manage and control employee access to confidential documents and files, according to a Fasoo-sponsored survey of 637 U.S. IT security practitioners conducted by the Ponemon Institute.

According to the report, the primary cause of data breaches experienced by companies is careless employees (56 percent) followed by lost or stolen devices (37 percent).

Sales departments pose the greatest risk to a company’s information assets, both structured (69 percent) and unstructured data (58 percent), the report found.

What’s more, a whopping 83 percent of organizations struggle with determining the appropriate level of confidentiality documents and files should possess. Determination is based on data type, policies or data usage, but only 13 percent use access as the determining factor. Only 16 percent are using a content management system.

“The most surprising aspect of the survey is that most companies say they are better at defending external threats as opposed to careless or malicious insiders,” Bill Blake, president and chief commercial officer at Fasoo, told eWEEK. “Only 27 percent of the 637 respondants said they can restrict the sharing of confidential files with other employees and only 36 percent can stop sharing with external third parties.”

Even if the organization has properly identified confidentiality, only 15 percent of respondents are confident that they are highly effective in limiting access, the report found.

C-level executives and human resources (79 percent) account for more than half of unstructured data risk, while HR and finance and accounting (71 percent) pose more risk with structured data.

Almost 70 percent of respondents do not know where confidential information is located and more than 60 percent don’t have visibility into what confidential documents and files employees are sharing, according to the report.

In addition, nearly three-quarters (73 percent) of respondents said it was likely their organization had lost some confidential information over the past 12 months.

Half of all respondents say their organization is highly effective in preventing leakage by external attackers and hackers, yet less than half are as confident in preventing data leakage by careless employees.

“Data security strategies will evolve into a more comprehensive framework that includes discover, classify, protect and monitor any form of confidential data regardless of its location,” Blake explained. “Self-securing data will also be an important aspect of this framework.”