CSOs shouldn’t assume employees care as much about security as they do

Employees generally want to protect data against compromise, but few understand the sensitivity of their data or the role of anything but passwords in protecting it, according to a new study that highlighted the difficulties over-optimistic CSOs have in building an active security culture.

Although 64 percent of employees use company-approved personal devices for work, a recent Clutch survey found, just 40 percent of employees faced regulations on their use of personal devices – highlighting the continuing exposure of companies to common but problematic bring your own device (BYOD) policies.

High BYOD use often translated into unintentional security exposure from otherwise “normal” activities such as the use or exchange of documents, the survey found. This ease of access meant that employees often didn’t think about the risks inherent in those activities – compromising their ability to recognise when data is sensitive.

“We’ve seen that at many companies, employees believe that information that needs to be protected is special, sensitive stuff that’s explicitly marked, and most of the everyday communications they receive and send aren’t a risk for their organizations,” said PreVeil CEO Randy Battat in a statement upon the survey’s launch.

“The reality is that the majority of communications, and the majority of an organization’s intellectual capital, can be found in the ‘ordinary’ email or shared file.”