Common knowledge would dictate that it is the lower-tier employee, towards the bottom of the corporate ladder with little to no personal identification with the brand, who is most likely to mishandle sensitive corporate information. Even if they are truly passionate and engaged, these employees are the ones working the trenches, interacting with clients and customers from nine to five every day, thus exposing themselves to carelessness or malevolence. With bring your own device (BYOD) initiatives becoming ever more popular, it wouldn’t be surprising to learn that most data vulnerabilities originate at this level.
In this case, however, common knowledge would be wrong.
A new study released by global investigations, intelligence and risk services company Stroz Friedberg revealed that the greatest information security risks are, in fact, senior managers. According to a national survey of 764 information workers, 87 percent of senior managers “frequently or occasionally send work materials to a personal email or cloud account to work remotely, putting that information at a much higher risk of being breached.” In addition, while 25 percent of rank-and-file workers report having sent the wrong person sensitive information by accident, this figure is more than double for senior management (58 percent).
It appears that, regardless of their level of personal investment in a company’s success, it is senior management’s greater access to valuable information that makes them the worst security offenders.
"Insiders are by far the biggest risk to the security of a company's sensitive information, whether it's a careless executive or a disgruntled employee. When information is compromised, a company's reputation, customer base, and share price may suffer," said Michael Patsalos-Fox, CEO of Stroz Friedberg.
Many of these vulnerabilities are being brought about by BYOD, as workers increasingly use their own personal smartphones, tablets, and cloud services in an effort to remain productive both in and out of the office. Because these devices and services lie outside the purview of corporate IT, assuring data and application security is extremely challenging. According to the report, this is “opening the door for businesses to encounter new and emerging threats from hackers, malware, and viruses.”
A lot of it comes down to education and training. The survey revealed that just 35 percent of respondents receive regular training and communications on mobile device security from their employers, with only 42 percent of employees reporting information sharing training. This underscores the need for effective mobile device management software coupled with a corporate culture of education and awareness regarding data security vulnerabilities and best practices.
"Because employees use their personal smartphones and other powerful technology increasingly in the workplace, it is crucial for companies to update their technology use policies and training programs," said Ed Stroz, executive chairman of Stroz Friedberg. "Training, along with effective policies and ensuring compliance, are a company's best lines of defense against insider information security threats. It's an important part of a holistic security approach that recognizes the interdependency of technical and physical security."
Those with effective mobile device management solutions in place, such as the MobileIron Mobile IT platform, will find it much easier to secure and manage apps, docs, and devices (both corporate and personal alike). This way, companies can fully leverage the productivity gains afforded by BYOD while still assuring the security and integrity of corporate assets.
Edited by Alisen Downey