Enterprises in emerging countries including China, India and Brazil — where IT adoption is at a nascent stage — are more prone to loss of company data and other sensitive information due to flouting of company rules by employees.
Even though the behavioural risks of employees behind the data loss are common across different countries, certain practices that result in a serious breach of company policies are more common in China and India, according to a recent study by US-based market research firm InsightExpress. Employees in this region, for instance, carry company data on portable devices and alter the security settings on work devices to access unauthorised websites.
| THE LEAKAGE TRAIL |
Commissioned by networking solutions provider Cisco to examine security and data leakage implications for businesses, the study was based on surveys of more than 2,000 employees belonging to enterprises belonging to different sectors including information technology (IT), in 10 different countries including the US and UK.
The survey reveals that the blurring of the line between work life and personal life is one of the prime factors behind the loss of comapny information by the employees, either knowingly or due to ignorance.
This is leading to proliferation of collaborative devices and applications such as mobile phones, laptops, Web 2.0 applications, video and other social media, used for personal and business purposes.
More From This Section
“Too often, we tend to solve data loss problems without understanding the reasons behind this. Emerging countries like China, India and Brazil are yet to come to the same kind of experience level as enterprises in developed countries are in terms of their IT practice, which makes them more prone to data leakage,” John Stewart, vice-president and chief security officer, Cisco, said.
He said the security in any organisation is ultimately rooted in users' behaviour. “So businesses of all sizes and employees in all professions need to understand how behavior affects the risk and reality of data loss, and what that ultimately means for both the individual and enterprise.”
The study also notes that eight out of every 10 end-users use their company-issued computer for personal matters that includes sending and receiving of personal email through a personal email account on a regular basis. In India, 90 per cent of the respondents agreed that they are sending and receiving personal email through a personal email account on their work devices.
Even though it is a standard practice in organisations to block certain websites due to security reasons, 20 per cent of the employees said they are altering security settings on work devices bypassing the IT policy to access unauthorised Web sites. This was most common in emerging economies like China and India. In terms of altering the security settings on company issued laptops, China leads with about 42 per cent of the users agreeing to have indulged in such activities, followed by 26 per cent in Brazil and 20 per cent in India.
The surprising thing that seven of every 10 people who participated in the survey are aware that such practices are resulting in about half of their respective companies' data loss incidents. This belief is most common in India (79 per cent) and the US (74 per cent). Most of the users in China use their company issued computer for personal matters which includes email, instant messaging and downloading of music/videos.
Apart from incidents of data loss electronically, the study also found that in most cases employees share sensitive information with non-employees. One of every four employees participated in the survey admitted sharing sensitive information to non-employees, verbally.
“In spite of having standard policies in place, increasingly a great deal of information in businesses are getting leaked. This proves that no universal technology can protect data unless enterprises educate their employees about the issue by local training,” said Fred Kost, director marketing, security solutions group, Cisco.