McAfee, Inc says that European businesses are increasingly at risk from the inside as employees repeatedly expose valuable and sensitive company information. Investments in solutions to protect corporate data from external threats and hacking are being undermined by the failure to fully communicate company security policies and by lax employee behaviour.
The study of 600 office workers across Europe , conducted by ICM Research and commissioned by McAfee, highlights the organisational dangers of data loss. The research reveals that employees are transferring an increasing amount of confidential data out of the business, using methods which often fall outside of the control of the IT department. It suggests that more than a third of European businesses (37%) have no set policy for handling sensitive documents and, in cases where policies do already exist, almost a quarter (24%) of employees don't know what they are.
Day-to-day internal documents and customer data/records are the two most common types of document to be taken out of a business electronically or physically. This is followed by company financial information. Employees are increasingly using portable devices, including memory sticks and mobile phones to remove confidential data from their businesses. 52% of European employees would take company data with them when they leave says McAfee.
Last year, Boeing, Ernst & Young and Nationwide all suffered reputational challenges when the social security numbers, names and addresses of thousands of employees and customers were left open to identity fraud after unencrypted laptops were stolen from the homes and cars of their workforce. The Israeli Interior Ministry also felt the force of a digital disaster when vital population registry information was leaked and posted on the internet.
Company business plans, financial information, employee records, customer data and legal contracts are all being placed at risk by the actions of European workers. Business owners should heed the fact that nearly a third (31%) of those questioned send company financial information to others outside of the organisation as part of their daily routine, whilst 20% also forward legal contracts.
Employee privacy is easily breached as a fifth (19%) share their information with external contacts and, while 92% admit that the safe handling of confidential documents is crucial to maintaining relationships with customers, 39% readily forward customer data and records to others outside the company.
Company email remains the most common means of sending information externally with 86% admitting to forwarding documents regularly by email. However, many employees are also using methods which corporate IT departments have little or no control over. A quarter (26%) of those that have sent customer information outside of the business admit to using web-based email services such as Yahoo or Hotmail to do so while a significant proportion (83%) are printing customer records out to remove from the business.
Nearly a quarter (23%) of those that admit to sending documents outside of the business have used Instant Messenger services to transfer company business plans while one in five (20%) have sent company financial information and spreadsheets using IM.
Confidential documents are also commonly taken out of the business using portable storage device. Almost half of office workers are taking financial records (45%) out of the business using such means, while over a third are transferring company business plans (38%) and customer data (34%).
USB sticks prove the most popular choice of portable devices with over a quarter of employees (26%) regularly use this device to remove information. However, rather than treating these devices with care, 15% of office workers have lent them to others.
The traditional hard copy document retains its status as a prime potential business vulnerability. IT departments rarely have the ability to monitor and restrict what is being printed out or where this information is left. The study shows that employees frequently print out company financial information (83%), customer records (83%) and legal contracts (87%). The risk of this information falling into the wrong hands is further compounded as over half (54%) of office workers fail to shred confidential documents and one in ten even admit to frequently leaving the information in the printer tray.
In October 2006, McAfee Inc acquired Onigma Ltd., providing McAfee with additional capabilities and expertise to help customers reduce the risks of data loss. McAfee also announced the availability of McAfee Data Loss Prevention, a solution that systematically monitors and prevents information loss by insiders and helps enterprises to comply with government regulations.
