Most employees have too much access to confidential data

A new report from Ponemon Institute has revealed that businesses are struggling to apply the appropriate user privileges when it comes to corporate data, with over two-thirds (71 percent) of surveyed employees saying that they have too much access to confidential company data.

In a survey of 2,276 employees (1,166 IT pros and 1,110 end users) from organisations in the US, UK, France and Germany, 71 percent of end users said they had access to data they should not see, while more than half (54 percent) said that this access is either frequent or very frequent.

In addition, 80 percent of IT pros said that their firm doesn't have a strict least-privileges data model, and only 47 percent of end users said that their firms take appropriate steps to protect company data accessed by them. Conversely, some 43 percent say it can weeks, months or even longer to get access to the data they need to do their jobs.

However, most worrying of all is arguably the finding that only one in five of both groups (22 percent) felt that their organisation placed a very high priority on protecting critical information.

The study was sponsored by Varonis and can be downloaded here.

"This research surfaces an important factor that is often overlooked: employees commonly have too much access to data, beyond what they need to do their jobs, and when that access is not tracked or audited, an attack that gains access to employee accounts can have devastating consequences” says Dr Larry Ponemon, chairman and founder of The Ponemon Institute.