May 28, 2020
A new report from Tessian claims that nearly half of employees (48 percent) are less likely to follow safe data practices when working from home. The State of Data Loss Prevention 2020 report suggests that the global shift to remote working poses new security challenges for businesses and why traditional security solutions are failing to curb the problem of the insider threat and accidental data loss.
While 91 percent of IT leaders trust their staff to follow best security practices when working remotely, over half of employees (52 percent) believe they can get away with riskier behaviour when working from home. Half (48 percent) cite “not being watched by IT” as a reason for not following safe data practices, closely followed by “being distracted” (47 percent). Additionally, staff report that security policies are a hindrance — 51 percent say such policies impede productivity and 54 percent will find workarounds if security policies stop them from doing their jobs.
Eighty-four percent of IT leaders also say data loss prevention is more challenging when employees are working from home and 58 percent of employees think information is less secure when working remotely.
According to the 2020 Verizon Data Breach Investigations Report, 30 percent of breaches involve internal actors exposing company information, as a result of negligent or malicious acts. Insider threats and data loss over email is particularly challenging for IT leaders to control, due to lack of visibility of the threat. Key findings from the report include:
- U.S. employees are more than twice as likely as UK workers to send emails to the wrong person (72 percent vs. 31 percent).
- IT leaders in US organisations with over 1,000 employees estimate that 480 emails are sent to the wrong person every year. Yet, Tessian data claims that employees send at least 800 misdirected emails per year —1.6 times more than IT leaders estimate.
- U.S. employees are twice as likely to send company data to their personal email accounts than their UK counterparts (82 percent vs. 35 percent).
- IT leaders in US organisations with over 1,000 employees estimate that just 720 emails are sent to unauthorised accounts a year. The reality, according to Tessian data, is at least 27,500 unauthorised emails are sent a year — 38 times more than IT leaders estimate.
- One-third (34 percent) of employees take company documents with them when they leave a job, with U.S. workers twice as likely as UK workers to do so (45 percent vs. 23 percent).
IT leaders rely on security awareness training, policies and legacy technologies to prevent data loss, yet these practices may not be as effective as they think. The report finds that employees who receive security training every 1-3 months are almost twice as likely to send company data to personal accounts as those who receive training once a year (80 percent vs. 49 percent).
In addition to differences in safe security practices by region, there are also notable contrasts among age groups and startups vs. large enterprises. For example:
- 50 percent of workers from small companies (2-49 employees) agree they’re less likely to follow safe data practices when working from home, compared to only 30 percent from companies with 1,000 employees or more.
- Workers in the 18-30 age demographic are 3 times more likely to send emails to the wrong person — 69 percent vs. 21 percent of workers who are 51 or older. And while 31-40 year olds are more careful on email, over half (57 percent) admit to sending misdirected emails.
- 41 percent of workers aged 18-30 have taken company documents with them when they’ve left a job, compared to only 13 percent of workers aged 51 and older.
Image by Joshua Woroniecki