33% of executives don't trust their organization to protect employee data

The volume of data processed in the enterprise is rapidly increasing, though strategies to secure data, including biometrics, are subject to technical and legal issues.

Here's how Microsoft plans to kill passwords According to Microsoft (and everyone else) passwords are inconvenient, insecure, and expensive. ZDNet's Steve Ranger explains how Windows will use biometrics to replace passwords.

A third of executives in the US are "not confident in their organization's ability to protect employee data from bad actors," according to Dell's 2019 Workplace Security Report, published Tuesday. The survey of 4,600 executives, conducted with Vanson Bourne, queried business leaders across 42 countries. This is only marginally higher than the global average of 29%. Executives in Belgium (38%) and France (37%) lead distrust in Europe, while executives in South Korea (51%) and Singapore (42%) lead in Asia.

The volume of data processed in the enterprise continues to grow, making the task of securing that data more weighty, and potential fallout from an external data breach or internally-sourced inadvertent disclosure similarly perilous. Businesses managed an average of 9.70 petabytes in 2018, compared to 1.45 petabytes in 2016, the report stated. The difficulty of ensuring security of this data weighs heavily on executives, as 49% of survey respondents "believe their organization will struggle to prove it's trustworthiness within the next five years."

SEE: How to set up two-factor authentication for your favorite platforms and services (free PDF) (TechRepublic)

Security is a challenge, however—the practice of memorizing passwords that expire every 60-90 days is irritating and pointless, with Microsoft removing that guidance from Windows Server among consideration of removing it from Windows altogether. 88% of respondents in Dell's Biometric Usage Survey indicate they find it "annoying," leading users to undermine the practice by "writing passwords on sticky notes," or "using their name or meaningful numbers in passwords," the report stated.

Naturally, the report indicates that 64% of respondents to the Biometric Usage Survey—an online poll of 1,050 people aged 18 or older—would use biometric authentication if it were available, while 79% agree that "having security features built into their business PCs help keep company data safe."

Keep in mind the source of this data—a major PC OEM will naturally tout the benefits of integrated biometric security if it sells more hardware. Certainly, end users prefer biometric authentication for simplicity, and IT workers "hate passwords because resetting forgotten passwords is the most tedious job in the world," according to ZDNet's Steve Ranger. 

There's a lengthy list of pernicious problems introduced by biometrics, however. Law enforcement have compelled users to unlock their phones via Face ID, a Vietnamese security firm claims to have cracked Face ID with a 3D printed mask, and the Windows Hello face unlock feature on a Dell Latitude system was cracked using "a modified printed photo of an authorized person."

Legal frameworks have not caught up to dealing with personal privacy in the age of biometric authentication. Last year, police in Florida attempted to unlock a defsecuad man's phone by "by holding the body's hands up to the phone's fingerprint sensor," a plan which was neither successful or actually illegal—there is no expectation of privacy after death, police claimed.

For more, check out "More than 99% of attacks in the past year relied on human error to gain access" and "Fewer than one third of cloud users back up their own application data" on TechRepublic.

Also see

istock-963458488encrypt.jpg

Image: Traitov, Getty Images/iStockphoto