Bureaucratic IT security processes cause data breaches
Information security processes may hurt more than they help, diminishing staff focus and opening businesses up to a greater risk of data breaches, according to the latest research from Zivver.
Surveying over 6,000 end users and 850 IT decision makers in Europe and the US, this is one of the largest global surveys into secure digital communications and employee productivity.
'Freedom to Focus: securely empowered employees, protected businesses' report examines the balance between having the ability to focus and outbound data security breaches, revealing that half of the employees (50%) found that IT security slowed them down and made them less productive, leading to a likely email error as their mind is distracted from the job at hand.
Meanwhile, the majority of employees (78%) felt that the IT environment requires them to grapple with too many arduous IT security protocols and disparate IT systems, hindering productivity and increasing the risk of mistakes. Most IT leaders (82%) echoed these sentiments, recognizing employees’ right to focus, free of distractions.
Despite growing cyber security threats, the findings highlighted a significant disconnect between IT leaders and employees when it came to data security training. Only a third of employees (36%) spoke of putting their data security training into practice, while another third (33%) questioned its value in the first place.
On the other hand, IT leaders view training as essential (85%), and three quarters (76%) recognised its advantages in reducing email security errors. This disparity is noteworthy because most employees (88%) predominantly rely on, and prefer to use, email for doing their job while, feeling it is a safe channel of communication. The data clearly shows that cybersecurity training is not working, especially in silos. With data leaks on the rise, organizations need to move quickly to use smart technology to bridge this gap, preventing any behaviours that could lead to an outbound risk before it even happens. In fact, four in five (79%) IT leaders think that smarter email data security could reduce errors.
This issue comes at a time when the risk of a data breach through outbound email is higher than ever. Headlines typically focus on high-profile sophisticated cyber-attacks as a means to access confidential data. However, the real risk to organizations has gone under-reported. The research uncovered that a third of IT leaders (33%) believe sensitive data has been put at risk due to outbound emails.
The research also found the widespread use of digital communications tools to assist employees in hybrid work environments is causing collaboration overload – driving employees to distraction (34%) increasing stress (29%), causing difficulties in switching off (25%), and increasing data security concerns (23%).
Zivver’s findings raise important questions for organizations on how to improve employee engagement with security policies that ultimately avoid data leaks. Almost all of IT leaders (91%) agree, saying they could be more progressive in how they manage risk and should regularly review their approach to email security (72%).
Part of this review entails the ramp up of smart technology that works towards replacing an over-reliance on training – which is seen by staff and IT teams alike as putting an unfair pressure on the workforce to act as the first line of defence.
Wouter Klinkhamer, CEO at Zivver, said: “We can try to design cybersecurity so employees don’t make errors, but errors are ubiquitous. The best businesses are those that best manage employee mistakes to prevent them from turning into a security incident. IT teams need to engage with employees without security measures getting in their way and create an effortless and frictionless experience by tailoring security policies and technology to them. Only then can employees truly be empowered in their work, with the freedom to focus without the distraction of clunky IT processes.”
These sentiments overlap with IT leaders who see the same barriers impacting employee productivity and mental health, but to a higher degree. Two thirds of employees (62%) said they make more email errors at work when they are time-poor or distracted (59%) and stressed and frustrated (37%). Indeed, IT professionals (33%) spoke of data loss due to employees attaching the incorrect documents in emails.
Klinkhamer continued: “It is up to business leaders to act with intent to provide workers with the smart technology. With the ability to send emails in a highly secure and unobtrusive way and flagging potential mistakes in advance, employees are empowered to be effective and secure in their day-to-day work.”
Steven Bond, Information Rights Manager at The Open University added: “Email has been heavily relied upon for decades now, for better or worse, to disseminate the lion’s share of communication – from inconsequential one liners to mass broadcasts. As more people than ever have been working remotely, email security has surged up the agenda for businesses. Supporting people to be able to make better decisions, implement effortless tools, and avoid being overloaded should be key drivers for businesses.”