More than half of business managers in the UK switch off encryption while a third write down keys and passwords

News by SC Staff

Employees are continuing to put data at risk by disengaging encryption and circumventing company data security policy.

Employees are continuing to put data at risk by disengaging encryption and circumventing company data security policy.

The report by Absolute Software and the Ponemon Institute claimed that business managers continue to pose the greatest threat to sensitive company information by turning off their laptops' encryption solution.

The study found that 52 per cent of Canadian, 53 per cent of British and 50 per cent of French business managers have disengaged their encryption, while US business managers are the most likely to circumvent company data security policy - topping the survey at 60 per cent.

The report also found that 95 per cent of IT practitioners report that someone in their organisation has had a laptop lost or stolen and 72 per cent report that it resulted in a data breach. Only 44 per cent report that the organisation was able to prove the contents were encrypted.

John Livingston, chairman and CEO of Absolute Software, said: “This year's global study gives us graphic evidence that IT and compliance departments continue to have insufficient tools to enforce company policies – especially those that are designed to protect sensitive company information.

“Despite their best efforts including deploying encryption technology, they are consistently thwarted by improper user behaviour. ‘The Human Factor in Encryption' study shows that no matter which country you are located in, you need to seriously contemplate the degree to which your own employees may be contributing to the potential for business-jeopardising data breach incidents. You must take the human factor out of your computer security plan."

Also, 36 per cent of business managers surveyed record their encryption password on a document such as a post-it note, or share the key with other individuals. In contrast, virtually none of the IT practitioners record their password on a private document or share it with another person.

Stuart Hodkinson, general manager at Courion, said: “Encryption is a basic security step for enterprises, but it can be completely undermined without proper identity and access management processes. Poor password management, for instance, could allow someone with the wrong access rights to bypass encryption and access sensitive data. Encryption can create a false sense of security when used alone, and can't stop bad guys if they have the right credentials.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews