Businesses are placing too much trust in their employees when it comes to safeguarding company data, a study has revealed.
Three-quarters of UK employers surveyed by OnePoll for security company LogRhythm said they had no enforceable systems to prevent employees gaining unauthorised access to company data.
Some 80% said they did not believe any of their employees would view or steal confidential information, yet a poll of employees showed 23% had accessed or taken confidential data from their workplace.
One in ten employees admitted they access confidential data regularly.
The biggest target is confidential data relating to colleagues’ salaries and bonuses, with 94% saying they can access such data without their firm’s knowledge.
The employers’ survey showed a third do not believe there is a need for systems to protect data from employees. Nearly two-thirds do not regularly change passwords to stop ex-employees accessing sites or documents.
“There is a clear gap between businesses’ internal security procedures and the harsh reality of employee behaviour,” said Ross Brewer, vice-president and managing director for international markets at LogRhythm.
“In an era where data breaches are considered inevitable, and with the government urging for greater consideration of cyber threats within businesses, the number of employers who are doing nothing about unauthorised access across their networks – and the even higher number who don't perceive any risk at all when it comes to employee data theft – is staggering,” he said.
According to Brewer, many organisations have no idea what is happening on their networks.
“With recent government proposals to increase the sharing of cyber threat intelligence among businesses, the first stage must be to ensure that more employers have the right level of visibility to track suspicious or abnormal behaviour on their own networks – but this is clearly not happening,” he said.
The survey showed more than a quarter of employers could not identify the biggest threats to their confidential data, while 14% who thought employees would steal data did not know whether they had.
“One of the main reasons why the ‘era of the data breach’ is now hitting hard and fast is that organisations just do not have the level of visibility into their IT networks needed to secure their ever-growing infrastructures,” said Brewer.
Employers need to ensure they are proactively monitoring every single activity that occurs across their entire IT estate, rather than placing too much trust in reactive perimeter defences, he said.
Perimeter defences, like security strategies focused on securing particular areas of the IT estate, do not give organisations any insight into anomalous network activity, said Brewer.
LogRhythm claims that, by making better use of the data generated by networks through security intelligence platforms, data breaches can be identified before they have a chance to escalate.