News

April 26, 2017

45% of Employees Admit to Unsafe Data Access Practices, According to Dell Study

A study conducted by Dell showed surprising results: When dealing with sensitive corporate information, 45% of employees admitted to engaging in unsafe data access practices. Dell surveyed 2,608 professionals who handle private data at businesses with 250 employees or more across eight countries. Canada was part of the eight countries.

Main Findings

65% of these professionals agree it is their responsibility to protect sensitive data. They also agree that it is important to educate themselves on possible risks, and to behave themselves in a way that protects the company’s private data. However, the study shows that when asked whether they engage in unsafe behaviours, 45% of respondents admitted doing so. Examples of unsafe behaviours include connecting to public Wi-Fi to access confidential information, or using personal e-mail accounts for work purposes. 17% also admitted to losing a device issued by the company. Canada in particular ranked second out of eight countries, as 57% of Canadian respondents admitted to logging in to their personal social media accounts on corporate-issued devices.

Higher Numbers among Small to Mid-size Organizations

The research also shows different numbers when comparing employees from highly regulated companies and those from small to mid-size organizations. “Perhaps one of the most shocking findings is that more than one in three employees (35 per cent) say it’s common to take corporate information with them when leaving a company”.

Why are Numbers so High?

Imran Ahmad from cyber security law firm Thompson LLP believes the reason why so many employees engage in unsafe data access practices is due to the fact that security awareness training programs aren’t often done. “A lot of people don’t do the training. […] Some are great and they do actually track and audit, […] but the vast majority may get one training session”, he states. It is therefore the organizations’ fiduciary duty to push regular cyber security training programs and make sure their employees start sharing confidential data “in a secure and simple fashion”.