Skip to main content

Data Privacy: As per an encryption survey nearly one-third of companies and organizations in the US, Canada, India, Australia, Japan, and Malaysia, say they don't regularly encrypt their employees' bank information, and 43% don't always encrypt human resources files.

-

Image result for encryptionStudy: Employee data not encrypted to level of customer data

Employee Data More Exposed Than Customer Data

New encryption report shows midsized organizations fail to encrypt all the sensitive things -- including their own intellectual property and financial data.
Midsized companies do a better job protecting their customer information than that of their own employees or their internal intellectual property, a new study found.

Nearly one-third of companies and organizations with 100- to 2,000 employees in the US, Canada, India, Australia, Japan, and Malaysia, say they don't regularly encrypt their employees' bank information, and 43% don't always encrypt human resources files. Nearly half say they don't routinely encrypt employee health information, according to the Vanson Bourne survey conducted on behalf of security vendor Sophos.

And at a time when the US and other governments are trying to nip cyber espionage for economic gain in the bud via talks with China--one of the main offenders of that practice--nearly one-third of midsized organizations aren't routinely encrypting their financial data and 45% say they don't always encrypt their intellectual property.

Encryption remains a big missing link in many data breaches, and apparently, in many organization's security practices. The study found that 44% of midsized companies say they widely deploy encryption, while 43% do so at some level. US companies encrypt the most (54%) and Malaysia (26%), the least. And overall, just 38% of smaller organizations (100- to 500 employees) encrypt widely, while half of larger ones (from more than 500 to 2,000 employees) do so.
Certain vertical industries of course, such as financial services, adopt encryption more widely.
Image result for encryption"That companies are prioritizing customer over employee data is not surprising. But it is surprising how much employee data is exposed out there. And [that they are] leaving intellectual property and financial data unencrypted was just shocking to me," says Marty Ward, vice president of product marketing at Sophos.
While some 84% of respondents say they're worried about cloud security, about 39% are encrypting all files they send to the cloud, and 47%, some of their files.
Despite the counterintuitive practice of not widely protecting employee and internal organization data with encryption, there are signs of improvement and gradual adoption of encryption as a routine best practice. "Two years ago, the number of them not encrypting was in the 75% range. The fact that we're going toward the 50-50 range is actually an awareness of their part that they don't want to be [the organizations] in the press" hit by a big breach, Ward says.
And the move toward file encryption versus pure disk encryption is also a positive development, he says.

So why are so many midsized organizations still not encrypting all the (sensitive) things?
Nearly 40% cite budget constraints; 31%, performance tradeoffs with encryption; and 28%, lack of encryption deployment know-how. About one-fifth say they don't have legal or regulatory requirements for encryption, and 19% say encryption isn't effective for locking down sensitive information.

The performance and complexity hurdle arguments are "myths that have been busted," Ward contends. "Encryption is a lot simpler" than it once was, and in many cases, invisible to the user, he notes. But given some of the respondents come from smaller firms with few security resources, the complexity argument isn't surprising.

Meanwhile, the good news is that most of the organizations say they do have plans to more widely encrypt their data in the next one- to two years, the report says.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Reference: http://www.darkreading.com/endpoint/employee-data-more-exposed-than-customer-data/d/d-id/1323971

Comments

Post a Comment

Please share your valuable comments and thoughts on this article. Thanks!

Popular posts from this blog

GDPR Data Protection Case-Law Guide

-
Data Protection Case Laws   https://rm.coe.int/guide-data-protection-eng-1-2789-7576-0899-v-1/1680a20af0 This Guide is part of the series of Case-Law Guides published by the European Court of Human Rights (hereafter “the Court”, “the European Court” or “the Strasbourg Court”) to inform legal practitioners about the fundamental judgments and decisions delivered by the Strasbourg Court. This particular Guide analyses and sums up the case-law on data protection under the European Convention on Human Rights (hereafter “the Convention” or “the European Convention”). Readers will find herein the key principles in this area and the relevant precedents. The case-law cited has been selected among the leading, major, and/or recent judgments and decisions. The Court’s judgments and decisions serve not only to decide those cases brought before the Court but, more generally, to elucidate, safeguard and develop the rules instituted by the Convention, thereby contributing to the observance by th...
Read more

Challenges with Moonlighting by Employees in India

-
A Detailed Deliberation on Moonlighting Moonlighting is undoubtedly the new hot topic that has got everybody talking, so here's a detailed legal deliberation on it. Published on https://www.thinkbridge.com/blog-post/a-deliberation-on-moonlighting August 30, 2024 Ankit, a CA by profession resides in the capital city of Delhi, and he works for one of the Big Four accounting firms. While he earns a seven-figure salary, he still decided to take up a side gig because well we all want more and more! So for the past year, he has been slyly rendering his consultancy services and his clientele has increased steadily, but his employers have no idea about this. Ankit feels that there's no harm in making that extra income as he does his private consultancy work on weekends, whereas on weekdays, he ensures to put his best foot forward in his regular job. And well this is where the new white-collar evil moonlighting seeps into the picture but is it really an evil? To understand t...
Read more

How to handle contract risk and mitigation of the risk- Good read!

-
Image
The Contract Said What? Buffering Employees from Contract Risk By Spiwe L. Jefferson  |  2017-May-30   After issuing communications training and killing text messages that created contractual obligations for the company, our fictitious legal team at Sunderland Manufacturing thought they addressed their last issue at the intersection of employee behavior and litigation risk. Unfortunately, more problems point to a different area of risk worse than the last.   "B arry, we have a problem,” said Jason Parks to Barry Miles, deputy general counsel of Sunderland Manufacturing. Jason was Sunderland’s trial counsel, discussing a multi-million dollar wrongful death suit by the estate of a plaintiff who allegedly died when his Sunderland pacemaker failed. “Did our pacemaker malfunction?” Barry inquired. “No,” said Jason. “Did we fail to instruct the hospital on its use?” Barry asked. “N...
Read more