Skip to main content

Data Privacy: As per an encryption survey nearly one-third of companies and organizations in the US, Canada, India, Australia, Japan, and Malaysia, say they don't regularly encrypt their employees' bank information, and 43% don't always encrypt human resources files.

-

Image result for encryptionStudy: Employee data not encrypted to level of customer data

Employee Data More Exposed Than Customer Data

New encryption report shows midsized organizations fail to encrypt all the sensitive things -- including their own intellectual property and financial data.
Midsized companies do a better job protecting their customer information than that of their own employees or their internal intellectual property, a new study found.

Nearly one-third of companies and organizations with 100- to 2,000 employees in the US, Canada, India, Australia, Japan, and Malaysia, say they don't regularly encrypt their employees' bank information, and 43% don't always encrypt human resources files. Nearly half say they don't routinely encrypt employee health information, according to the Vanson Bourne survey conducted on behalf of security vendor Sophos.

And at a time when the US and other governments are trying to nip cyber espionage for economic gain in the bud via talks with China--one of the main offenders of that practice--nearly one-third of midsized organizations aren't routinely encrypting their financial data and 45% say they don't always encrypt their intellectual property.

Encryption remains a big missing link in many data breaches, and apparently, in many organization's security practices. The study found that 44% of midsized companies say they widely deploy encryption, while 43% do so at some level. US companies encrypt the most (54%) and Malaysia (26%), the least. And overall, just 38% of smaller organizations (100- to 500 employees) encrypt widely, while half of larger ones (from more than 500 to 2,000 employees) do so.
Certain vertical industries of course, such as financial services, adopt encryption more widely.
Image result for encryption"That companies are prioritizing customer over employee data is not surprising. But it is surprising how much employee data is exposed out there. And [that they are] leaving intellectual property and financial data unencrypted was just shocking to me," says Marty Ward, vice president of product marketing at Sophos.
While some 84% of respondents say they're worried about cloud security, about 39% are encrypting all files they send to the cloud, and 47%, some of their files.
Despite the counterintuitive practice of not widely protecting employee and internal organization data with encryption, there are signs of improvement and gradual adoption of encryption as a routine best practice. "Two years ago, the number of them not encrypting was in the 75% range. The fact that we're going toward the 50-50 range is actually an awareness of their part that they don't want to be [the organizations] in the press" hit by a big breach, Ward says.
And the move toward file encryption versus pure disk encryption is also a positive development, he says.

So why are so many midsized organizations still not encrypting all the (sensitive) things?
Nearly 40% cite budget constraints; 31%, performance tradeoffs with encryption; and 28%, lack of encryption deployment know-how. About one-fifth say they don't have legal or regulatory requirements for encryption, and 19% say encryption isn't effective for locking down sensitive information.

The performance and complexity hurdle arguments are "myths that have been busted," Ward contends. "Encryption is a lot simpler" than it once was, and in many cases, invisible to the user, he notes. But given some of the respondents come from smaller firms with few security resources, the complexity argument isn't surprising.

Meanwhile, the good news is that most of the organizations say they do have plans to more widely encrypt their data in the next one- to two years, the report says.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Reference: http://www.darkreading.com/endpoint/employee-data-more-exposed-than-customer-data/d/d-id/1323971

Comments

Post a Comment

Please share your valuable comments and thoughts on this article. Thanks!

Popular posts from this blog

Responding to Software Review Audits- Good tips on how to handle audit requests and settlements

-
Image
Managing Audits to Prevent Unauthorized Disclosures by Technology Teams by Keli Johnson Swan in Blogs , Software Audits Disputes involving software usage are on the rise for businesses of all sizes. In some cases, technical teams respond to a software publisher’s or a third party’s audit request and provide significant amounts of data without notifying anyone on the corporate governance or the legal teams.  It is critical for those teams to evaluate the publisher’s legal ability to audit, and to identify the data the publisher is entitled to request. It is not uncommon for the legal team to discover the existence of a software audit or license verification after the company has received a demand for damages arising from alleged over-usage of software. Often, employees responding to an audit request do not understand the request and provide inaccurate or incomplete information. Once this information is disclosed, it can expose the business to a damages...
Read more

Saas, PaaS and the Cloud? Part 1: Hosted Services Basics for the Sourcing Professional

-
Image
Saas, PaaS and the Cloud? Part 1: Hosted Services Basics for the Sourcing Professional Posted By Christine Wahr and Sarah Hogan on April 8th, 2014 Posted in Cloud Computing , Commercial Contracts , SaaS , Software , Technology Procurement In today’s world, it seems that virtually every business is using or offering some degree of online services. If you’re  involved in making technology purchasing decisions for your business, you likely receive numerous requests related to purchasing hosted services, though the nuances of what a hosted service is and the particular legal considerations such a purchase raises may still be hazy concepts.  If this resonates with you, you are not alone – even the most tech-savvy users can be left confused in this ever-evolving industry.  To assist you in responding rapidly to these requests, we have pulled together a two-part series containing a quick reference guide of basics and top 5 considerations for purchasers of hosted solutions....
Read more

20 apps to help provide easier access to legal help: Good list of apps. Check it out

-
Image
20 apps to help provide easier access to legal help BY JOE DYSART APRIL 1, 2015, 6:01 AM CDT Reference:  http://www.abajournal.com/magazine/article/20_apps_providing_easier_access_to_legal_help Image from  Shutterstock . Just as the smartphone brought computing to the cyberchallenged, it is putting justice into the hands of some who may need it most. Apps for immigrants, the indigent, those who face arrest and the lawyers who help them have been popping up with increasing frequency. And many of those closest to the technology believe the momentum behind the developments is just starting to build. “People talk a lot about digital technologies revolutionizing legal practice,” says Tanina Rostain, a law professor at Georgetown Law Center who teaches a course on the potential of Internet-based technologies for legal practice and pedagogy. “This is the area where the revolution is happening.” Not surprisingly, among the earliest promulgators of justice apps ar...
Read more