Encryption survey exposes risk to employee data
Sophos reveals businesses failing to take advantage of encryption services to protect employees
Security specialists Sophos publicised the results from its ‘The State of Encryption Today' survey and discovered private, highly-sensitive employee information is at risk.
The survey polled 1,700 IT decision makers from mid-sized businesses in the US, Canada, India, Australia, Japan and Malaysia. Out of the six countries, the US ranked as most advanced, with 79% of organisations claiming to always secure employee bank details, however in comparison, only 48% in Japan failed to encrypt personal data.
Whilst companies take customer data seriously, employee data is not protected to the same level. Sophos revealed 31% of companies admitted employee bank details are not always encrypted, 43% confessed to not always encrypting sensitive employee HR data and 47% of companies storing healthcare information, again fail to consistently encrypt these records.
"Data breaches happen to large and small companies every day, and the last line of defense against that breach turning into a corporate crisis is a comprehensive data encryption policy," commented Dan Schiappa, senior vice president and general manager of Enduser Security at Sophos. "While it is the customer data breaches that hit the headlines, companies have the same obligation to protect sensitive employee data, and they should not overlook it."
Despite 80% of the companies using the cloud for storage, 84% expressed concerns about the safety of data stored in the cloud and only 39% encrypt stored files. Again, the US topped all six countries, however Malaysia is on the opposite end of the spectrum with on 17% of businesses actively encrypting files in the cloud.
Sophos highlighted 69% plan to increase encryption over two years, however budget, performance concerns, and lack of deployment knowledge are the top three barriers preventing a solution.
Schiappa added: "Unfortunately, I am not surprised by the findings because too many people mistakenly believe that encryption is too complicated or too expensive to implement. The reality is that modern, next-generation encryption solutions can be easy to deploy and quite cost-effective."