Datapac and Sophos today announce the results of a survey which highlights alarming practices prevalent in Irish workplaces and significant concerns amongst Irish office workers in the ability of their employer to protect sensitive data. The survey1 found only 42% of office workers completely trust their employers with their personal data, and just 47% completely trust their employers to securely protect customers’ data.
The survey of 500 Irish office workers was carried out by Censuswide on behalf of Datapac, Ireland’s leading technology solutions and services provider, and Sophos, a global leader in network and endpoint security.
Password Management Practices
The survey also discovered some worrying trends when it comes to password management practices in the workplace. One-in-five employees admitted to having kept their company password on a post-it note, 16% have shared a work password with a friend or family member, and almost one-third (31%) have shared their password with a co-worker. Furthermore, 44% of respondents said they use three or less passwords to manage their entire digital presence – including both their work and personal online accounts.
According to the survey, employers also fall short when it comes to implementing best practice for password management, with 16% of office workers saying they have never been asked to change their passwords in the workplace.
Dermot Hayden, Ireland country manager, Sophos, commented: “It’s a wake-up call for employers to see how common it is for employees to share their password with others both inside and outside the organisation. Careless behaviour with passwords can easily lead to damaging security breaches and it is important for employers to take the lead on this issue by ensuring adequate processes and controls are in place to protect their business.”
Karen O’Connor, General Manager, Datapac, added: “The appropriateness of an organisation’s password policy and the effectiveness of its implementation are core to risk mitigation within an organisation. Services such as vulnerability testing and threat intelligence monitoring can help identify potential compromises and aid with continuous compliance auditing.”
Data protection and GDPR
The survey also revealed the prevalence of further poor practices when it comes to data access and control in Irish workplaces. It was found that 17% of respondents have accessed work documents and data from a previous job, and 14% have shared documents or data from a previous employer.
Despite the General Data Protection Regulation coming into force in May 2018, the survey also found that 41% of Irish office workers – amounting to more than half-a-million people2 – are yet to receive any form of GDPR training. Additionally, more than half (54%) of office workers are not fully confident that their day-to-day activities in work, such as processing customer data, are GDPR compliant.
A significant number of respondents also indicated they have little knowledge of their organisation’s IT security policies and procedures when it comes to protecting data. Almost one-in-four (23%) admitted they have poor or no awareness of how to prevent data loss within their organisation.
Karen O’Connor continues: “The lack of trust in employers’ ability to secure data is a worrying sign for both employees and consumers but doesn’t come as a complete surprise. As the GDPR deadline loomed last year, many organisations rushed to implement solutions without giving due consideration to what exactly they were trying to protect and why. As a result, a significant number of organisations don’t have the correct tools, training or knowledge in place and, as evident from the survey, have lost the trust of their employees when it comes to data protection.
“For best practice, businesses are encouraged to take a step back – assess the data they process, understand the threats and risks as they pertain to their organisation, and then look to put the relevant controls in place. It is essential also that a mechanism exists to continuously review the effectiveness of those controls over time. This is driving the trend towards managed services that take this continuous approach.
The end-user threat will always be present but regular vulnerability testing, along with well thought out access rights management solutions, can help to mitigate risks. Ultimately, it’s about ensuring only the right people have access to the right data at the right time.”