There is a general lack of awareness and enforcement of security policies and procedures in companies today, according to new research announced by privacy and information management research firm, Ponemon Institute. The report, Trends in Insider Compliance with Data Security Policies: Employees Evade and Ignore Security Policies, was sponsored by IronKey, maker of the world's most secure flash drive, and examines the challenges facing IT professionals in securing confidential data.
• The majority of respondents admit to serious non-compliant workplace behaviors that place their companies at risk. Such behaviors include the insecure use of USB memory sticks, use of Web-based email, sharing passwords, turning off security settings and more.
• According to the study, 69 percent of employees surveyed said that they copy confidential or sensitive business information onto USB devices, while only 13 percent of respondents said their companies have a policy that allows this, showing a 48 percent non-compliance rate.
• 61 percent admitted to copying confidential or sensitive business information onto USB devices, and then transferring the information to another computer that is not part of the corporate network.
• Over half of the respondents said that they download personal Internet software to their company computers, which significantly increases the risk of introducing viruses, worms and other malware into an organization's network.
• 58 percent of the respondents said that their companies do not provide adequate training about compliance with data security policies, and about the same number said the data security policies are ineffective.
• Approximately half of the survey participants said their corporate data security policies are largely ignored by employees and management, and that the policies are too complex to understand.
• Compared with a similar study conducted by Ponemon Institute in 2007, the rate of non-compliant employee behavior appears to be getting worse over time.
Supporting Quotes: "As mobile devices become more and more prevalent in the workplace, our research shows that policies and enforcement are not keeping up with the increased risk of a data breach," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. "Employees are under tremendous pressure to be highly mobile and productive, but they aren't being properly educated on the risks to data integrity; they are taking data outside of the organizational structure without complete understanding or awareness of the serious implications of a breach or misuse of sensitive information."
"This research highlights an urgent need for organizations to implement and enforce comprehensive policies for mitigating the risks associated with the storage and mobility of proprietary data," said John Jefferies, vice president of marketing at IronKey. "While organizations have made improvements in some areas, this study shows the lack of enforcement of data security policies, the need to automate enforcement where possible, and responsibility for organizations to invest in educating and training employees to help them understand the importance of compliance."
Methodology: Trends in Insider Compliance with Data Security Policies: Employees Evade and Ignore Security Policies is a survey of U.S.-based end-users of corporate information technologies. Results were derived from 967 responses from a sampling frame of 17,021 (5.7% response rate).
• Full Study Link: ironkey.com/ponemon
• Webinar Link: ironkey.com/webinars/ponemon/files/lobby.html
• Dave Jevans, IronKey CEO Blog: blog.ironkey.com/
• The Ponemon Institute: ponemon.org/
• Dr. Ponemon Blog: ponemon.org/blog/dr-ponemons-blog
About the Ponemon Institute
The Ponemon Institute© (ponemon.org) is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.
IronKey's award-winning products and services combine the world's most secure flash drive with the world's most powerful USB management software. IronKey's USB flash drives bring the power of authentication, encryption, identity management and privacy to businesses and consumers in 23 countries. IronKey's management software and associated services allow enterprises of all sizes, government agencies, the military, and other organizations to take back control of the mobile data that has been leaking out of their organizations due to the uncontrolled proliferation of USB drives. With IronKey (ironkey.com), organizations centrally administer, remotely manage, and enforce policies on thousands of devices located anywhere in the world. Over 50 Fortune 500 companies, government agencies and military organizations that handle some of the most sensitive security information in the world trust IronKey to protect business critical data. All IronKey products are FIPS 140-2 Level 2 validated.
Founded in 2005, IronKey is privately held and based in Los Altos, CA.