The survey’s primary finding was the revelation that 43% of businesses had been reported to the Information Commissioner’s Office since the General Data Protection Regulation (GDPR) came into effect in May 2018. However, other findings included a third of businesses admitting they struggled to identify and locate data. A similar number admitted not understanding their data protection regulations. Finally, a quarter of them admitted they didn’t adequately secure data.
Working from home and security concerns
While businesses, government bodies, and other organisations had to quickly adapt to home working, this brought significant challenges around security.
Even in companies with a bring your own device (BYOD) policy, there would still have been measures in place to ensure systems and data remained secure. Although some companies may have already had virtual private network (VPN) servers set up for remote workers, many would also have allowed their employees to export data to their devices to work in an insecure environment.
While remote working provides these, and many more, security challenges, creating a secure data environment can subsequently lead to challenges around accessibility and convenience. This point has reared its head in HP’s study and is one that could have potentially catastrophic consequences for businesses.
What’s the problem?
HP’s study found that younger workers were frustrated over accessibility to data and systems.
Consequently, over 50% of 18- to 24-year-olds questioned by HP admitted they were more concerned about meeting deadlines and getting the job done than by the possibility of causing a data breach incident. While cutting corners and the ends justifying the means might work in some industries, it’s not a viable approach for businesses that handle and have obligations to protect customer data.
Worryingly, the report also found that IT security teams had already been forced to relax security levels to prevent younger workers from finding ways around them anyway. HP also found that 76% of IT teams say that security became a lower priority given the need for business continuity amid tension with other departments. Meanwhile, 91% admitted they felt pressure to compromise IT security to ensure business continuity.
Despite businesses quickly adapting to remote working when they needed to, such an outcome undoubtedly raises questions about how prepared they were to do so. If proper business continuity plans were in place, surely there wouldn’t have been any need to compromise on anything, let alone security?
Apathy among workers increases the risk even further
Another worrying finding from the HP survey was that 48% – rising to 64% among 18- to 24-year-olds – of workers believed IT security measures were a waste of time.
When aligned with compromised security measures, such apathy and complacency are a toxic mix. IT teams recognise this only too well, with 83% believing attitudes to security and increased home working have created a “ticking time bomb” for a data breach.
Commenting on the findings of the study, Ian Pratt, Global Head of Security for Personal Systems, HP, said, “The fact that workers are actively circumventing security should be a worry for any CISO – this is how breaches can be born.
“If security is too cumbersome and weighs people down, then people will find a way around it. Instead, security should fit as much as possible into existing working patterns and flows, with technology that is unobtrusive, secure-by-design and user-intuitive.”
Curbs causing friction where they are in place
While the headline findings from the HP study paint something of a bleak picture, it seems businesses have at least attempted to improve their security:
- 91% reported they had updated security policies to reflect the increase in home working.
- 78% reported they had restricted access to various websites and applications.
Yet, at the same time:
- 80% of IT teams said they experienced pushback from putting measures in place.
- 67% said they had people within their business complaining about these each week.
Summing up the study, Pratt was clear on the solutions, adding, “To create a more collaborative security culture, we must engage and educate employees on the growing cybersecurity risks, while IT teams need to better understand how security impacts workflows and productivity.”
If your personal data has been exposed due to negligence or a failure in an organisation’s IT security systems, you could be entitled to compensation. Contact us today for a FREE, no-obligation assessment of your data breach claim.