Sophos Report: Most companies unable to protect highly sensitive employee information.
A new survey by network and endpoint security firm Sophos has revealed how most companies are unable to protect highly sensitive employee information. The survey shows how information like banking details, human resource (HR) files and personal healthcare records are at risks due to the inability of companies take full advantage of encryption technology.
The survey which saw 1,700 IT decision makers from mid-sized businesses in the United States, Canada, India, Australia, Japan and Malaysia polled about their encryption habits. Despite most companies taking the security of their customer data seriously, the survey revealed that employees are not protected to the same level.
According to The State of Encryption Report survey by Sophos, 31 percent of the companies surveyed that store this type of data admit that employee bank details are not always encrypted. Forty-three percent of the companies holding sensitive employee HR files don’t always encrypt them, and nearly half of those that store employee healthcare information (47 percent) fail to consistently encrypt these records.
Of the U.S. companies surveyed that do use encryption, only 79 percent claim to always secure employee bank details, making it the most advanced of the six countries. By comparison, 48 percent in Japan fail to consistently encrypt employee bank details, making their employees the least protected.
Another worrying finding was that company data remains at risk as well. The survey found out that nearly one-third (30 percent) of all organizations surveyed fail to always encrypt their own corporate financial information, and nearly half (41 percent) inconsistently encrypt files containing valuable intellectual property. The percentage is higher in the U.S. where 62 percent of organizations cite the need to secure proprietary data as a key driver to encryption.
Cloud data security is also driving encryption adoption. More than eight in ten companies (84 percent) expressed concern about the safety of data stored in the cloud. Nevertheless, while 80 percent are using the cloud for storage, only 39 percent encrypt all files stored in the cloud. The U.S. leads all six countries with a propensity to encrypt all files in the cloud with 48 percent of those surveyed in America doing so. Malaysia is at the opposite end of the spectrum with only 17 percent of businesses surveyed encrypting all files in the cloud.
“Data breaches happen to large and small companies every day, and the last line of defense against that breach turning into a corporate crisis is a comprehensive data encryption policy,’’ Dan Schiappa, senior vice president and general manager of Enduser Security at Sophos said. “While it is the customer data breaches that hit the headlines, companies have the same obligation to protect sensitive employee data, and they should not overlook it.”
Encryption demand is growing although companies cite budget, performance concerns and lack of deployment knowledge as the top three barriers to implementing a solution. Three-quarters of organizations acknowledge that they need to improve how they encrypt and secure employee, customer and company information. In fact, over the next two years, 69 percent of organizations surveyed plan to increase their use of encryption, showing that companies are moving in a positive direction.
“The State of Encryption Today survey confirms that while encryption is widely used and accepted by businesses, it also highlights critical gaps,” added Schiappa. “Unfortunately, I am not surprised by the findings because too many people mistakenly believe that encryption is too complicated or too expensive to implement. The reality is that modern, next-generation encryption solutions can be easy to deploy and quite cost-effective.”