Survey: 83 Percent of U.S. Organizations Have Accidentally Exposed Sensitive Data

National Survey Commissioned by Egress Finds That Employees
Frequently Expose Data via Email; Companies Fail to Encrypt Data Before
Sharing, Putting them At Risk of Non-Compliance with Data Privacy
Regulations

BOSTON–(BUSINESS WIRE)–According to a national survey commissioned by Egress,
83 percent of security professionals believe that employees have
accidentally exposed customer or business sensitive data at their
organization. The survey found that accidental data breaches are often
compounded by an organizational failure to encrypt data prior to it
being shared – both internally and externally – putting their
organizations at risk of non-compliance with major data privacy
regulations, such as NYDFS Cybersecurity Regulation 23 NYCRR 500, GDPR,
HIPAA and the emerging California Privacy Act (AB375).

Accidental Breach: Employees Expose Sensitive Data via Email and File
Sharing

An overwhelming number of security professionals
believe that employees have put customer PII and business sensitive
information at risk (83 percent). This is largely driven by the
explosive growth in unstructured data (emails, documents, files, etc.),
combined with the growing number of ways employees can communicate
internally and externally.

Respondents named the five most
common technologies that have led to accidental data breaches by
employees:

  • External email services (Gmail, Yahoo!, etc.) (51 percent)
  • Corporate email (46 percent)
  • File sharing services (FTP sites, etc.) (40 percent)
  • Collaboration Tools (Slack, Dropbox, etc.) (38 percent)
  • SMS / Messaging Apps (G-Chat, WhatsApp, etc.) (35 percent)

According to Egress, some of the most common email accidents that lead
to data breaches include:

  • Accidental sharing / wrong email address (The Outlook Auto-Insert
    problem)
  • Email forwarding of sensitive data
  • Sharing attachments with hidden content
  • Forwarding data to personal email accounts

Warning: Encrypt Before Sharing
The survey found that
a large majority of organizations fail to encrypt data before its shared
– both internally and externally. This compounds the accidental breach
problem, ensuring that any mistake by an employee will result in data
definitely being exposed. As a result, organizations are at risk of
non-compliance with major data privacy regulations, such as GDPR, the
NYDFS Cybersecurity Regulation (23 NYCRR 500), and the recently-passed
California Consumer Privacy Act. According to the survey:

  • 79 percent of organizations share PII / sensitive business data
    internally without encryption
  • 64 percent of organizations share PII / sensitive business data
    externally without encryption

Despite the failure to encrypt, data privacy regulations are driving
changes in organizational approaches to security. When asked how new
data regulations changed how information was shared, respondents stated
they:

  • Implemented new security policies (59 percent)
  • Invested in new security technologies (54 percent)
  • Invested in regular employee training (52 percent)
  • Restricted the use of external data sharing tools (44 percent)

Security in 2019: Ransomware Still Represents the Biggest Risk
Following
the devastating and high-profile damage caused by ransomware attacks
such as WannaCry and NotPetya, security professionals believe that
malware and ransomware remain the biggest risk to their organization.

When asked what the biggest overall risks to IT was in the coming year,
respondents indicated the following:

  • Malware and/ or ransomware (48 percent)
  • External attacks from cybercriminals (45 percent)
  • Accidental data breaches by employees (40 percent)
  • Also noted: phishing and/ or spear phishing (39 percent); malicious
    internal breaches (31 percent); DDoS attacks (22 percent)

“The explosive growth of unstructured data in email, messaging apps and
collaboration platforms has made it easier than ever for employees to
share data beyond traditional security protections – combine this with
the growing cultural need to share everything immediately, and
organizations are facing the perfect storm for an accidental breach,”
said Egress Chief Revenue Officer and NA General Manager Mark Bower.
“What really stands out in the survey though, is that despite onerous
regulations being enacted, companies are still failing to encrypt data
before enabling employees to share it. Encryption is a well-known best
practice that can prevent accidents from leading to a major incident
resulting in hefty compliance penalties.”

About the Egress Data Privacy Survey
The Egress data privacy
survey was conducted by Opinion Matters research group among 1,000
U.S.-based senior and mid-level security professionals at organizations
of 500 employees or more.

For more information, please download the full survey and report from: https://pages.egress.com/2019-Data-Privacy-research.html

About Egress Software Technologies
Egress helps enterprises
protect unstructured data to meet compliance requirements and drive
business productivity. The company’s AI-powered platform enables users
to control and secure the data they share. The award-winning solution
provides email and document classification, accidental send prevention,
email and file protection, secure online collaboration and audit and
compliance reporting.

Trusted by over 2,000 enterprise organizations and governments around
the globe, Egress offers a seamless user experience, powerful real-time
auditing and patented information rights management, all accessible via
a single global identity. A privately-held company, Egress has offices
in London, UK, Boston, USA, and Toronto, Canada.

Contacts

Egress Media Contact:
Brian Merrill
fama PR for Egress
Software
617-986-5005
egress@famapr.com

error: Content is protected !!