Humans still letting down company security

Secure USB drive outfit Apricorn has released research claiming that 89 percent of organisations have experienced a data breach, and human error is still the chief cause.

Two-thirds (63 percent) of respondents noted that human error was the leading cause of a data breach within their organisation – be it mobile workers, unintentional error, or employees with malicious intent.

A lack of encryption and phishing emails also ranked in the top five primary causes. This parallels earlier findings from a Twitter poll of 12,500 users carried out by Apricorn in February, which found that humans, whether through malicious intent or unintentional error, were twice as great a threat to personal data as the technology itself.

According to the company, this means that businesses need to be investing more time and resources into educating and supporting their employees, especially those working remotely, rather than continually financing new technologies to solve their security challenges.

At almost half of organisations (47 percent), remote workers have knowingly put corporate data at risk of a breach, and over a third (34 percent) of respondents stated that their organisation’s mobile/remote workers don’t care about security – a 16 percent increase compared with findings from the previous year.

Apricorn EMEA Managing Director Jon Fielding said it was unfathomable that, even with GDPR, employees, and remote workers in particular, have such disregard for the security of the corporate data they are responsible for and the risk they pose.

“To see the numbers increasing year on year demonstrates the dire state of organisations’ data security. Be it ignorance, defiance, or just simply a lack of care, employees are failing to engage even the most basic security measures, with no consideration for the consequences of their actions, or inaction in most circumstances”, he said.

When questioned on the most significant problems associated with implementing a cybersecurity plan for remote/mobile working, thirty percent of respondents stated that managing all of the technology employees require for mobile working is too complicated.

Just under a quarter of respondents (21 percent) stated that they could not be certain that their data is secured for remote/mobile working, with fourteen percent highlighting that they have no control over where company data goes and where it is stored.

This is an improvement on previous years as this percentage continues to decrease. In 2018 it was 27 percent, and in 2017, 37 percent admitted to having no control over where company data goes and is stored.

Half of the organisations surveyed expect that mobile and remote workers will expose their business to a breach, showing a considerable mistrust in their employees’ ability to keep data secure.

Organisations should identify corporately approved, hardware-encrypted devices, provide them to staff who have a justified business case, and whitelist them on the IT infrastructure, blocking access to any non-approved media.

“Organisations need to build a security-first culture to protect data on the move and limit the risks posed by human error. Employees need to be aware of the risks facing them and the serious implications of data loss for their employer”, Fielding added.

IT decision makers trust third parties to look after business-critical data more than they trust their colleagues, with over 50 percent saying they trusted third parties with their critical business data, although those third parties are only provided with access to the data they require, or all the data shared with them is encrypted.

“The fact that organisations have more trust in third parties than their employees is alarming. If businesses invested more time in educating employees and enforcing the necessary security policies to ensure compliance with data protection regulations, they would find that securing corporate data would be a much less tedious and worrisome process”, Fielding said.