
Almost half of IT workers are unfamiliar with data security policy, survey finds

Just 56 per cent of IT workers knew their company’s policy approach to data.

Research by advisory firm Forrester Research has found that while most companies have a data security policy, almost half of their IT staff are likely to be unfamiliar with it.

And as the survey of over 2,000 IT workers in North America and Europe shows, if IT staff are unaware of data storage policy, it’s likely that breaches are occurring.

According to the report, 56 per cent of IT staff said that they were aware of their employers’ current data security policy, leaving a substantial chunk of workers unfamiliar with data security rules.

"It’s not simply just a matter of having the appropriate tools and controls in place," the Forrester paper said. "It’s worth noting that only 56 per cent of information workers in North America and Europe say that they are aware of their organisation’s current security policies."

And Forrester Research’s Heidi Shey noted that companies need to not only put a policy in place, but enforce it and ensure staff are both trained in and familiar with the legislation.

"Consider employee awareness to be another layer of security, and realise that educating employees is also internal PR outreach for the security group," she wrote. 

The report went on to note that the majority of data breaches occurring at companies surveyed in the past twelve months were caused by employees, highlighting the need for staff to be properly trained to minimise security concerns. Just 25 per cent of data breaches were found to be from malicious outside attacks.

"Given all the media attention on data and privacy breaches, hacking, and advanced persistent threats today, it’s easy to assume that all the major threats to your organisation come from external actors," Shey continued. "Not completely true."

Outsourcing data management to cloud providers doesn’t just mean the hardware and software is frequently updated and maintained without cost to the company: it also means staff are trained to ensure data breaches are kept to a minimum.