In the News: Companies not adequately protecting employee data, survey finds

Sophos, a global provider of network and endpoint security, recently released the results of a survey suggesting that many companies take the security of their customer data more seriously than that of their employees.

The survey, which included the responses of 1,700 IT decision makers from mid-sized companies with between100 and 2,000 employees in the United States, Canada, India, Australia, Japan and Malaysia, found that despite holding detailed personal data on their own workers – including banking details, HR files and even personal healthcare records – few took enough measures to protect this information from falling into the wrong hands.

Specifically, the survey revealed that 31 percent of those surveyed from companies that hold employee bank details admit that this data is not always encrypted, and the same can be said for 43 percent of the companies holding sensitive employee HR files. In addition, a whopping 47 percent that store data from employee health records fail to consistently encrypt this information.

In the “well that’s good news” stakes, the US is considered the most advanced in terms of data encryption when it comes to employee data, while workers in Japan were the least protected.

In the US, employers cite the need to secure proprietary data – such as intellectual property or corporate financial information – as a key driver in their drive to adopt data encryption. Cloud-based data storage was among the most popular means of storing data, with 80 percent of the companies surveyed reporting that they use such a method, but only 39 percent of companies that used the system actually encrypted the data they sent to the cloud. As such, it comes as no surprise that a whopping 84 percent expressed concern about the safety of cloud data storage.

“Data breaches happen to large and small companies every day, and the last line of defense against that breach turning into a corporate crisis is a comprehensive data encryption policy,” comments Dan Schiappa, senior vice president and general manager of Enduser Security at Sophos. “While it is the customer data breaches that hit the headlines, companies have the same obligation to protect sensitive employee data, and they should not overlook it,” he added.
Do you take steps to protect your employee data? Let us know in the comments.