Survey: Companies Not Following Data Security Policies -- Security Today

Survey: Companies Not Following Data Security Policies

Dec 04, 2007

Companies are not following simple data security procedures in seven high-risk scenarios, according to new research announced recently by the Ponemon Institute, a privacy and information management research firm. The report, Data Security Policies Are Not Enforced, was sponsored by RedCannon Security, a trusted provider of centrally managed, secure mobile-access solutions for the enterprise.

According to the study, 39 percent of employees surveyed said they have lost a PDA, cellular phone, USB memory stick, zip drive or laptop computer that contained sensitive or confidential business information, while, 56 percent believe their employer would never be able to determine the type of data contained on a lost device.

"Privacy and data protection policies are meaningless if they do not address the full spectrum of threats and if they are not enforced, and our research points to an urgent need to address this pervasive vulnerability in corporate data security programs," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. "The development of comprehensive policies, along with training and stringent enforcement of those policies should be a priority in any enterprise-wide data security program."

Data Security Policies Are Not Enforced highlights: risks associated with the storage and transportation of confidential information, policies regarding lost portable devices, the lack of enforcement of existing policies concerning data security, and employees' lack of awareness about such policies. Only 10 percent of those surveyed said their organization has a policy to deal with the loss of a portable storage device containing sensitive information.

With today's technology, data is more portable than ever before. E-Mail, smartphones, MP3 players and USB memory sticks are all examples of the many ways data can be transported and viewed away from computers, creating big challenges for IT professionals trying to secure confidential and personal information. Derived from a survey of 893 IT professionals, the Data Security Policies Are Not Enforced reveals a number of key findings in reference to this problem, including:

                                              Evidence of non-compliance
                                              with a company's data security
  Seven survey scenarios  Experience rates    policy

  1. Copying confidential 51 percent do it.   87 percent believe that company's
  information onto USB                        policy forbids it.
  memory stick.

  2. Accessing Web-based  45 percent do it.   74 percent state there is no stated
  e-mail accounts from                        policy that forbids it.
  workplace computer.

  3. Losing a portable    39 percent          72 percent did not report lost or
  data-bearing device.    lost or misplaced   missing device immediately.
                          a portable
                          data-bearing
                          device.

  4. Downloading personal 45 percent do it.   60 percent state there is no stated
  software onto company                       policy that forbids it.
  assigned computer.

  5. Sending workplace    33 percent do it.   48 percent state they are unsure
  documents to home                           whether this violates policy.
  computer as an
  attachment in e-mail.

  6. Turning off security 17 percent do it.    80 percent are unsure whether this
  settings or firewall                         violates policy.
  on workplace computer.

  7. Sharing passwords    46 percent do it.    67 percent believe that company's
  with coworkers.                              policy forbids it.

"Data breaches remain the leading cause of financial losses in business, with more than 75 percent of Fortune 1000 companies falling victim to data leakage, and this is not going to change without improvements in the enforcement of data security policies," said Vimal Vaidya, founder and CEO at RedCannon. "This study clearly indicates key data management practices that have a serious impact on data security and regulatory compliance, and highlights ways organizations can bolster policy enforcement and reduce the risks of potential data loss."

The study offers insights into the challenges facing IT professionals trying to secure confidential data. It identifies problems with the current rules in effect at the workplace, as well as the problems with enforcement of those rules. Most importantly, it shows employee naivete towards this problem, with most staff members unaware of the rules in place, or uncaring due to lack of obvious consequences. The survey offers information on what is the most frequently lost portable storage device, the numbers of employees downloading personal software onto work computers, and statistics concerning how many portable devices that were lost had unprotected data on them, among other similarly invaluable information.

Featured

Perimeter Security Standards for Multi-Site Businesses

When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now
ISC West 2024 is a Rousing Success

The 2024 ISC West security tradeshow marked a pivotal moment in the industry, showcasing cutting-edge technology and innovative solutions to address evolving security challenges. Exhibitors left the event with a profound sense of satisfaction, as they witnessed a high level of engagement from attendees and forged valuable connections with potential clients and partners. Read Now
- Industry Events
- ISC West
Live From ISC West: Day 2

What a great show ISC West 2024 has been so far. The second day on Thursday was as busy or even more hectic than the first. Remember to keep tabs on our Live From ISC West page for news and updates from the show floor at the Sands Expo, because there’s more news coming out than anyone could be expected to keep track of. Read Now
- Industry Events
- ISC West
A Unique Perspective on ISC West 2024

Navigating a tradeshow post-knee surgery can be quite the endeavor, but utilizing an electric scooter adds an interesting twist to the experience. While it may initially feel like a limitation, it actually provides a unique perspective on traversing through the bustling crowds and expansive exhibition halls. Read Now
- Industry Events
- ISC West

Webinars

Hanwha Vision (formerly Hanwha Techwin), Salient Systems

Shooter Detection: The First Line of Defense
Hanwha Vision (formerly Hanwha Techwin), Salient Systems

Embracing AI-driven Access Control
HID Global

Unlock the Potential: Why Make the Shift to Mobile Credentials

Whitepapers

Eagle Eye Networks Inc

Are you ready for an on-site emergency? A practical checklist
Winsted Corporation

Top Considerations Designing an Ergonomic Control Room
Evolv Technology

Southern Ohio Medical Center

New Products

A8V MIND

Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3
QCS7230 System-on-Chip (SoC)

The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3
Automatic Systems V07

Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

Survey: Companies Not Following Data Security Policies

Allegion US Features Interoperability, Mobile Credentials and More at ISC West

Altronix Showcases Products to Protect Critical Infrastructure at ISC West

Axis Communications Launches Axis Cloud Connect at ISC West 2024

Genetec Security Center SaaS Supports Direct-to-Cloud Workflows With Axis, Bosch, Hanwha, and i-PRO Devices

ASSA ABLOY Introduces Centrios, a New Access Control Brand for Small Businesses

System Surveyor Announces Partnerships with Eagle Eye, Raytec and Avycon

Axis Raises the Bar on Cybersecurity to Provide Wide-Ranging FIPS 140-Compliant Products to Government Customers