Companies Aren’t Adequately Protecting Employee Data

Cybersecurity has become a top priority of IT leaders, but it seems that patching vulnerabilities hasn’t caught up when it comes to certain data. Many organizations are securing their customers’ data but have not given the same consideration to protecting data related to their employees.

Sophos, a global provider of network and endpoint security, says that private, highly sensitive employee information—including banking details, HR files, and personal healthcare records—is at risk.

The State of Encryption Today, the company’s recent survey of 1,700 IT decision makers from midsize (100 to 2,000 employees) businesses in the United States, Canada, India, Australia, Japan, and Malaysia reveals that many companies take the security of their customer data more seriously than that of their employees.

For example, 31% of the surveyed companies that hold employee bank details admit that these data are not always encrypted. Forty-three percent of the companies holding sensitive employee HR files don’t always encrypt them, and nearly half of those that store employee healthcare information (47%) fail to consistently encrypt these records.

Of the U.S. companies surveyed that do use encryption, 79% claim to always secure employee bank details, making it the most advanced of the six countries surveyed. By comparison, 48% in Japan fail to consistently encrypt employee bank details, making their employees the least protected.

Company data remain at risk as well. Nearly one-third (30%) of all organizations surveyed fail to always encrypt their own corporate financial information, and nearly half (41%) inconsistently encrypt files containing valuable intellectual property. The percentage is higher in the United States, where 62% of organizations cite the need to secure proprietary data as a key driver to encryption.

Cloud data security is also driving encryption adoption. More than 8 in 10 companies surveyed (84%) expressed concern about the safety of data stored in the cloud. Nevertheless, while 80% are using the cloud for storage, only 39% encrypt all files stored in the cloud. The United States leads all six countries with a propensity to encrypt all files in the cloud, with 48% of those surveyed in America doing so. Malaysia is at the opposite end of the spectrum, with only 17% of businesses surveyed encrypting all files in the cloud.

“Data breaches happen to large and small companies every day, and the last line of defense against that breach turning into a corporate crisis is a comprehensive data encryption policy,” comments Dan Schiappa, senior vice president and general manager of Enduser Security at Sophos. “While it is the customer data breaches that hit the headlines, companies have the same obligation to protect sensitive employee data, and they should not overlook it.”

A white paper containing the full survey results can be accessed at here.