The majority (83%) of security professionals said they believe employees have accidentally exposed sensitive customer or business data at their organization, according to an Egress report released on Thursday. Many of these accidental breaches happen because organizations fail to properly encrypt data before it’s shared externally and internally, the report found.
By failing to encrypt data, organizations are at risk of non-compliance with data privacy regulations including GDPR, HIPAA, NYDFS Cybersecurity Regulation 23 NYCRR 500, and the emerging California Privacy Act, (AB375), the report said. Some 79% of security professionals said their organization shares data internally without encryption.
SEE: Information security policy template download (Tech Pro Research)
The report identified the following five most common technologies that lead to accidental breaches by employees:
- External email services (Gmail, Yahoo!, etc.) (51%)
- Corporate email (46%)
- File sharing services (FTP sites, etc.) (40%)
- Collaboration Tools (Slack, Dropbox, etc.) (38%
- SMS / Messaging Apps (G-Chat, WhatsApp, etc.) (35%)
While the rate of accidental breaches is alarming, new data regulations are changing how information is shared. After major data regulations were enforced, some 59% of respondents said they implemented new security policies, 54% invested in new security technologies, and 52% invested in regular employee training, the repot found.
“The explosive growth of unstructured data in email, messaging apps and collaboration platforms has made it easier than ever for employees to share data beyond traditional security protections – combine this with the growing cultural need to share everything immediately, and organizations are facing the perfect storm for an accidental breach,” said Mark Bower, Egress Chief Revenue Officer and NA general manager, in a press release. “What really stands out in the survey though, is that despite onerous regulations being enacted, companies are still failing to encrypt data before enabling employees to share it.”
Check out this TechRepublic article to learn how organizations can avoid a data breach.
The big takeaways for tech leaders:
- 83% of US security professionals have accidentally exposed sensitive business information. — Egress, 2019
- In order to keep information safe, organizations must encrypt their company’s data. — Egress, 2019