Two surveys this week shed light on how collaboration, BYOD and cloud computing are perceived across the enterprise.
Harris Interactive conducted two online surveys commissioned separately by FileTrek and Intralinks Holdings designed to glean information from the enterprise about how information is shared and the subsequent risks that can result.
90% of American Adults Believe People Share Company Confidential Information Outside the Company
The results of FileTrek’s January 2012 Document Security Survey of 2,625 Americans aged 18 and older are in and reveal that a majority of Americans (90%) believe people remove confidential documents from the workplace, even though most adults (79%) say taking confidential files outside the office is grounds for termination.
It seems that peer pressure is alive and well in the enterprise. The mere fact that everyone does it seems to be reason enough to share information you know you oughtn’t.
Maybe it’s a millennial thing?
The survey showed that while a majority (68%) of the millennial generation (those aged 18-34) believe it is acceptable to remove confidential files out of the office, only 50% of the 55+ age group believe the same.
Perhaps with age comes wisdom, or just a sense that you should know better?
It could also be that older workers are more fearful, as most employees (72%) indicated that they fear being accused of taking confidential company files or being confronted about a coworker (53%) who has shared confidential information outside the company it.
There’s little to convince us that employees decide not to share confidential information outside the company because it’s unethical, or could threaten the security of their company.
So what do we do with this information?
We can better understand the circumstances when employees feel it is acceptable to remove confidential company information out of the office. The report shows that the following incidences are among them:
- When boss says it’s okay to do so -- 48%
- To finish a late night project from home instead of having to stay at the office -- 32%
- To work over the weekend or while on vacation -- 30%
- When it is confidential information about themselves -- 16%
- When it can be brought back to the office before the boss knows it was gone -- 2%
- To show something to family or friends who promise to keep it confidential -- 2%
For how employees are removing sensitive information, most adults said that, if they were going to risk taking documents, they’d export data to a USB drive (55%).
Most organizations and employees still use email as the main method to send and exchange large files and sensitive data
In a survey of more than 1,000 IT decision makers across seven countries, IntraLinks Holdings found that, most often, sensitive information exchanged beyond the firewall with business partners and customers is still primarily conducted through email and consumer-grade file sharing tools such as FTP sites.
The survey revealed that 68% of global respondents still use email as their main method to send and exchange large files and sensitive data, despite the fact that a majority of respondents were aware of the security and compliance issues around using email, ftp sites and other consumer-grade file sharing services.
Why is there such a disconnect between what employees know and their subsequent actions?
The study suggests that organizations may not have adequately provided employees with standardized, secure file-sharing tools for collaborating beyond the firewall.
The silver lining is that many respondents acknowledge a key part of their role is to share critical business information with partners, suppliers, and consultants (46%) and recognize that it is important or very important to protect intellectual property to keep it secure (83 %).
But beyond that, it seems that the enterprise can’t break away from email. It really don’t matter how much they know about regulatory requirements or the inherent security risks, it’s just so easy to share information with others.
A Lesson in Pervasive Governance
If it’s your job to ensure the safety of information contained within the four walls of a company, you may want to examine the controls in place to manage email, and protect sensitive information from leaking out.
These surveys raise more questions than answers, as it’s not clear how much information is able to be removed once software is available that can detect unusual behavior, such as the sending of large documents or the downloading of information onto external devices like mobile devices or USB drives. However, information from these reports makes a remarkable case for pervasive governance. A company’s four walls are no longer enough to protect information from getting out. If you are working or saving information in the cloud, it’s time to take a closer look at how it’s being managed.