Many companies have responded to the threat of data theft by hackers by using encryption. If hackers do break through the security perimeter and gain access to computers or networks, customer data will not be exposed. However, the same cannot be said of employee data. A new security report suggests employee data theft is rife, and that the personal information of employees is much more likely to be stolen that customer data.
Employee data theft is a real concern – Don’t forget to encrypt ALL sensitive data!
A recent study has shown that when it comes to protecting intellectual property and the personal information of employees, mid-sized companies around the world fail to use the same stringent measures that they apply to customer data.
The Sophos/Vanson Bourne study revealed that 43% of midsized companies – those employing between 100 and 2,000 members of staff – do not regularly encrypt human resources files. Human resources files usually contain sensitive information on employees: names, addresses, contact telephone numbers, dates of birth, emergency contact information, and government IDs such as Social Security numbers. These are exactly the kind of data sought by hackers. These data can easily be used to commit identity theft.
The survey was conducted on respondents from Australia, Canada, Japan, Malaysia, and the United States indicating this is a global problem.
In the United States, where ma high percentage of cyberattacks on midsized companies are taking place, 45% of companies appear not to be encrypting employee data, even though these companies face a high risk of employee data theft. Even financial data is left relatively unprotected. Almost a third of companies in the United States are not encrypting their financial data.
It is not a case of encryption not being implemented at all by midsized companies. In the United States for example, 43% of midsized companies use encryption to some degree, while 44% claim they widely encrypt data. The figures are understandably lower for small organizations, in a large part due to the cost of encryption. 38% of small businesses widely encrypted data. Half of larger organizations used encryption for most data.
Companies are not applying safeguards evenly and are leaving gaping security holes. It is not only the threat of employee data theft that is being underestimated. Many organizations are not encrypting data they send to the cloud. Only 47% claimed to encrypt “some files” sent to the cloud and just 39% encrypt all data sent to the cloud. However, 84% of respondents claimed to be worried about cloud security.
Why is encryption not being universally applied?
The survey probed respondents to find out why data encryption is not being used. Four out of ten organizations claimed this was due to budgetary constraints. Three out of ten said it was because of performance trade-offs and a similar number said it was an issue with how to actually encrypt data. Interestingly almost 20% of respondents claimed that encryption wasn’t actually effective at protecting sensitive data.
There is also a commonly held belief that encryption is complex, or cannot easily be implemented. While this was certainly the case a few years ago when full disk encryption was the only option, this is now no longer the case. Encryption technology has advanced considerably in recent years. Companies should therefore take a fresh look at encryption and take steps to prevent employee data theft and the exposure and theft of their intellectual property.
Hackers steal data for financial gain. Employee data theft should be a concern, as should the theft of intellectual property. These data have considerable value. It is not just customer data that can be used to commit fraud or be sold on the black market.