Directors, Executives Careless with Sensitive Data, Survey Finds

    Oct 25, 2016

    When it comes to safeguarding sensitive company data, lower-level employees appear to be more careful than directors and C-level executives, a recent survey has revealed.

    According to the survey of more than 4,000 employees in North America and Europe, 49% of mid-market managing directors (MDs) and C-level executives (CxOs) have used their personal e-mail accounts to send sensitive business information.

    The survey, conducted by Opinion Matters and commissioned by Iron Mountain, also found that:

    • 57% have left business-sensitive or confidential information in the printer
    • 40% have sent information over an insecure wireless network
    • 43% have disposed of documents in a potentially insecure trash bin
    • 39% have lost business information in a public place

    Interestingly, the survey revealed that lower-level employees are more security-conscious – only 29% of administrative staff said they have left confidential information in the printer, and just 15% said they have lost business documents in a public place.

    When asked about processes in place to protect sensitive data, 21% of CxOs said such processes are too complex and so they look for a way to evade them. Also according to the survey, another 14% said they don't follow company policies regarding data security because they consider the policies too complicated, and 6% are unaware of any such policies at all.

    "Our research shows that business leaders in the mid-market are more likely to put sensitive information at risk than any other employee," Iron Mountain UK Commercial Director Elizabeth Bramwell said in a statement. "They tend to bypass the very protocols designed to keep information secure. Given the potential consequences, this is concerning.

    "With the stakes so high, companies need to put the policies and processes in place to support good information governance,” she added. “On its own, this may not be enough; companies must promote behaviors that protect sensitive company information."

    According to eSecurityPlanet, another survey conducted earlier this year of 1,022 U.S. respondents found that 13% of employees have allowed colleagues to use devices that can access their employer's network, 9% have allowed their partners to do so, and 1% have even allowed their children to do so – despite the fact that one in five employees had no security software on their work devices.

    That survey, conducted by Arlington Research on behalf of OneLogin, also found that 20% of employees share their company e-mail passwords, and 12% share passwords to other work applications.

    Remarkably, almost half of all employees surveyed said they were not aware of any company policies concerning the sharing of passwords, according to the survey.


    © 2017, ARMA International