Tag: Leave the European Union
Only 18% of British office workers, who use a personal account/device to access work files or emails, say that data is always encrypted by their employer
Better education is still needed to improve personal IT habits
LONDON, UK – December 6, 2016 – A new online survey released today by WinMagic Inc. and conducted by YouGov, has highlighted the risks to corporate data from poor encryption, and employee use of unauthorised and inadequately protected devices.
The survey of British office workers found that 42% use devices not provided by their employer to work with corporate e-mails and files. Half (52%) also use personal online accounts, such as Enterprise File Sharing Services (EFSS) to store or access work files – with only 34% saying they have never done so.
Office workers claim to use a wide range of personal devices to store or access work files and systems including laptops (30%), smartphones (22%) and USB Storage devices (17%).
The top three personal online accounts used by office workers to store and access work files are Hotmail (14%), Gmail (13%) and Dropbox (10%).
Yet these personal devices often lack the same level of security that an enterprise would employ, putting corporate data at risk.
For example, only 52% of respondents protect all their devices with up to date security software.
Although it is the employee’s responsibility to protect personal devices, employers need to do more to control and protect the way in which corporate data is moved. Otherwise, data leaves the organisation without the correct security controls in place – ultimately it should always be under the protection of the organisation, even when it exits the firewall.
Corporate data unprotected in the wild
Only 18% of office workers surveyed said their employer always encrypted the files accessed through personal devices or stored on personal online accounts. Working on data remotely helps employees be flexible and productive, however, one of the most common ways for data breaches to occur is through the loss of a device.
An unprotected device, with unencrypted corporate data may include credit card, medical, or other personal customer data, as well sensitive corporate data and systems, open to use by unauthorised individuals.
Such losses and limited protection, can lead to identity fraud and a company failing to meet the standards expected by regulators, such as the Information Commissioner’s Office (ICO).
The EU General Data Protection Regulation (EU GDPR), will apply to UK companies from 2018 that are ‘controllers’ or ‘processors’ of European personal data, regardless of the UK decision to leave the European Union.
There are stringent rules on the management of personal data, and hefty fines for failures that lead to a breach, accidental or otherwise. Personal data will include identifiers such as an account numbers and even IP addresses.
Mark Hickman, Chief Operating officer at WinMagic, commented: “IT departments need to consider carefully how they strike the balance between giving employees the flexibility they need, and ensuring the security of corporate data.
Achieving that requires a combination of software and employee education, to help improve personal IT habits that are out of control of the workplace.
This is one of many areas where encryption can play a key role, protecting data stored in the cloud and on remote devices, on personal as well as corporate accounts.
Encryption remains the last line of defence, when an online account is breached or a device lost.”
Passwords still a risk
Recently publicised data breaches are just a few of the examples that have led to millions of usernames and passwords getting into the hacking community. With, 26% of office workers admitting they use the same password for some of their work account and personal online accounts, hackers are gaining direct access to both employer and personal accounts. 5% stated they use the same passwords for all work and personal accounts.
Despite admitting the failings of their home security habits, 20% of office workers stated their company allows the use of personal online accounts and devices to access work files, if employees have adequate security software installed.
A further 35% confessed that they should not use personal accounts and hardware at all according to their company policy.
Hickman continued, “Employees are simply trying to get their job done as efficiently as they can, but are often unaware of the risks they could be exposing their employer to. With effective device and encryption management strategies, IT departments can provide transparent and frictionless protection to data, without hampering the productivity of the workforce.”
About WinMagic Inc.
WinMagic provides application aware Intelligent Key Management for enterprise controlled grade encryption, with robust, manageable and easy-to-use data security solutions. WinMagic SecureDoc secures data wherever it is stored, providing enterprise grade data encryption and key management policies across all operating systems while enabling a unified encryption strategy across any end point and virtualized or Cloud IaaS environment.
SecureDoc is trusted by thousands of enterprises and government organizations worldwide to minimize business risks, meet privacy and regulatory compliance requirements, while protecting valuable information assets against unauthorized access.
Ginger PR Ltd
Global Director, Marketing Enablement
NOTES TO EDITORS
All figures, unless otherwise stated, are from YouGov Plc.
Total sample size was 2,053 adults, of which 1,090 were employees.
Fieldwork was undertaken between 27th - 28th October 2016.
The survey was carried out online.
The figures have been weighted and are representative of all GB adults (aged 18+).
It has a business focus of going after midmarket enterprises—organizations with less than 5,000 employees.
The company has also benefited from its channel-based strategy for sales, he added.Going from a private to a public company has not changed Hagerman's priorities or how the business is run. "Going public has not affected Sophos in its strategy or operational priorities, really at all," Hagerman said. "We were already a substantial company when we went public, so we had already been operating like a public company internally, with regular quarterly reporting and an emphasis on year-over-year growth." The only real difference as a public company, he said, is that there are now specific reporting requirements, including doing a public annual report.A careful analysis was done prior to going public, and Sophos listed on the LSE as opposed to NYSE or NASDAQ for a number of reasons, according to Hagerman. One reason Sophos felt the LSE was the right choice was because the company was founded in the United Kingdom and has its headquarters there.
Also, Hagerman said there aren't as many technology vendors listed on the LSE as there are on the NYSE and NASDAQ."We felt that there was a real opportunity to tap into a European investor base that really doesn't have the diversity of technology investment choices that U.S. investors have," he said. Hagerman added that at some point he might consider dual listing on a U.S. exchange, but for now he's satisfied with the LSE.Despite the recent UK vote to leave the European Union (Brexit), Hagerman also isn't too concerned about remaining listed on the LSE. "Over 85 percent of our revenue comes from outside of the UK," he said. "If you look at Brexit from a financial perspective on Sophos, there really has been no change in the demand environment for cyber-security."Cyber-security is typically the top priority for any organization, and Brexit doesn't change that, he said. Plus, Brexit initially triggered a decline in value of the British pound.
The lower-value British currency has had a positive impact on Sophos' profitability.Regarding the company's technology, over the course of the past year, Sophos has been promoting the idea of a synchronized security platform.
In November 2015, Sophos announced its Security Heartbeat initiative, monitoring the security status across an organization.As part of the synchronized security effort, Sophos announced a new XG series of Next Generation Firewall (NGFW) appliances. Hagerman noted that whenever a new platform is introduced, there are likely to be some customers that would rather stick with their existing platform.
As such, Sophos is supporting and innovating on its existing SG series of firewalls as well.Looking at new products, on Aug. 2, Sophos announced a public beta of an advanced endpoint threat detection technology called Sophos Intercept. Hagerman explained that Intercept handles threats such as ransomware, while providing root cause analytics for zero-day exploits."We already have quite effective technology today with Sophos Endpoint, but this [Intercept] will extend and supplement the security coverage even further," he said.Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.
Follow him on Twitter @TechJournalist.