Fear and shame are making it harder to fight ransomware and accidental data loss, report finds

A third of employees admit lying to hide the fact that they accidentally deleted data, most doing so out of embarrassment or fear of punishment. Even more would lie about a ransomware infection.

istock-961429488frustrated.jpg

Deagreez, Getty Images/iStockphoto

A study of knowledge workers in 10 countries found that workplace cultures of blame and fear are causing businesses to lose critical, sensitive data that could have otherwise been saved if employees were comfortable enough to come forward.

Enterprise data protection company Veritas Technologies published the study, which focused on "the damage that workplace blame cultures are having on the success of cloud adoption," and focuses specifically on worker response to incidents they've had on those platforms. 

SEE: Google Chrome: Security and UI tips you need to know  (TechRepublic Premium)

Among the study's findings is the fact that 56% of office workers admit to having accidentally deleted files hosted in the cloud. While 20% do so multiple times a week. To average it all out, the report said, the typical office worker accidentally lost 29 documents in the past year.

Thirty-five percent of those who admit to accidentally deleting files report lying to cover up what they had done. In 43% of those cases, no one noticed the mistake, meaning that whatever data was lost was never noticed. In 20% of the instances where someone did realize what had happened, the data they had accidentally deleted was irrevocably lost. 

When it comes to ransomware, employees are even more likely to lie, or outright never mention an incident in which they had introduced ransomware to their business network: Only 30% said they would notify IT as to what had happened, including their role in it. Twenty-four percent said they would notify IT but leave themselves out of the story, 16% would try to recreate the documents they lost to the ransomware, 11% would log out and pretend nothing happened and 8% said they would do nothing and hope the problem resolved itself. 

Why no one wants to admit it was their fault

Veritas said that a workplace culture of shame is making people afraid to come forward and admit an IT incident was their fault. Veritas GM of SaaS protection, Simon Jelley, said that businesses need to foster a culture of help and trust or both accidents and cybersecurity incidents will be harder to address.

"There's often a short window where businesses can act to minimize the impact of deleting or corrupting the cloud-based data office workers use. Leaders need to motivate employees to come forward as soon as possible so IT teams can act fast to take remedial action. It's clear from this research that shaming and punishment are not ideal ways to do that," Jelley said. 

In addition to their fear over admitting mistakes, 92% of respondents also have a false belief that cloud providers are able to easily reverse their mistakes, which Jelley said is a myth that will continue to put businesses at risk for as long as it perpetuates. 

"Most cloud providers only provide guarantee of resiliency of their service, they do not provide guarantees that a customer, using their service, will have their data protected," Jelley said. 

SEE: Password breach: Why pop culture and passwords don't mix (free PDF) (TechRepublic)

The combination of false confidence and a fear of shame has created an environment where workers put losing documents and introducing ransomware higher in their list of most stressful situations than a job interview, public speaking or a first date. 

Making recovery easier, and losses minimal, means both not blaming employees and creating a culture where people aren't afraid to come forward, the report said. Jelley has another tip: Fears about being the cause of lost data can't exist if the data can't be lost. Rather than getting angry when it happens, take proper steps to prevent it. "Blaming people doesn't help —backing up your data however, does," Jelley said. 

Also see