In a survey of 1,000 employers conducted for LogRhythm by OnePoll, 80% said they believe their workers would not view or steal confidential information. However, in a corresponding survey of 2,000 employees, 23% admitted to having accessed or taken confidential data from their workplace, with one in 10 stating that they do it regularly.
The surveys were carried out by LogRhythm to illustrate the gap between employers’ beliefs and some employee behaviour, and to reveal a need for cyber protection.
About 75% of surveyed businesses said they had no systems in place to prevent unauthorised access to company data by employees. Interestingly, a third of employers questioned believe that they do not need such systems at all.
The corresponding survey into employee behaviour revealed that the most accessed confidential data was related to details of colleague salaries (38%) and details of colleague bonus schemes (23%).
In addition, about 60% of surveyed companies said they do not regularly change passwords to stop ex-employees being able to access sites or documents.
Ross Brewer, vice president and managing director for international markets at LogRhythm said: “In an era where data breaches are considered inevitable, and with the government urging for greater consideration of cyber threats within businesses, the amount of employers who are doing nothing about unauthorised access across their networks – and the even higher number who don’t perceive any risk at all when it comes to employee data theft – is staggering.”
However, that said, some employers do have a sense that some employees will steal data. But interestingly, 14% did not even know whether employees have stolen data – even though they believe some would do so. A further 27% could not identify the biggest threats to their confidential data.
Meanwhile, 94% of employees said who had accessed confidential information or stolen company data had never been caught. Brewer added: “There is a clear gap between businesses’ internal security procedures and the harsh reality of employee behaviour.”
LogRhythm believes organisations need to identify security breaches as they occur by using technology such as Security Information and Event Management (SIEM). The company believes this will help organisations develop the ability to see changes that may occur across the IT estate, such as files being accessed without permission or altered or copied to portable storage devices.