Even more concerning is that the vast majority (93 percent) of these devices contained work related data, including confidential emails (49 percent), confidential files or documents (38 percent), customer data (24 percent) and financial data (15 percent). Despite the risks, organisations are failing to put in place basic security rules: of those organisations who have, or plan to implement, a remote working or security policy, nearly a third (32 percent) do not specify that devices taken outside the office must be protected with either encryption or passwords. And a quarter (25 percent) does not specify that digital files taken outside the office must be protected with either encryption or passwords.
With over a third of organisations reporting that a device has been lost or stolen in the past six months, the ramifications can be serious. Thirty seven percent of respondents were aware of someone in their organisation having faced disciplinary action due to lost files or work data, and 32 percent were aware of an employee having lost their job as a result within the last year.
However, companies are still failing to control how data leaves the office, with nearly half (48 percent) admitting that they cannot keep track of how employees take data with them, and 54 percent saying that data could be more adequately secured.
“Even amidst continued warnings about data security, and with data breaches making headlines on an almost daily basis, organisations are still not able to secure their intellectual property. The benefits of encryption and password protection are not new, but businesses are simply not enforcing basic security practices,” said Nicholas Banks, Vice President EMEA and APAC, IronKey.
“What’s more, businesses are aware of employees breaking their organisation’s security rules to take work outside of the office (67 percent), yet they are doing nothing to address the issue. These responses highlight a careless attitude toward company devices and data. Employees, including senior management, appear to be unaware of the full impact of data loss, and it is exactly those senior level execs that employees are looking to for education, and action, to prevent sensitive data falling into the wrong hands. Organisations have a duty to secure corporate information and the devices on which it is stored,” Banks added.