Despite the expectation that professionals with sensitive client data would understand the associated risks and responsibilities, the numbers reflect that many professionals working remotely, and their companies, are either unaware or too casual about how to keep this information safe and secure.
The study profiled several professions that routinely handle sensitive client information, including medical practices, legal, real estate, and financial service firms. It found that they were at even greater risk compared to generalized small and medium businesses to experience a significant loss of sensitive business information.
The survey found that while over two-thirds of all small-to-midsize businesses with fewer than 1,000 employees have a formal procedure for backing up company data, 87 percent have no formal policy in place regarding employees' use of personal devices for work purposes.
One-third of companies let employees make their own decisions about how to back up company and client data on their devices, and most companies polled do not have backup or data recovery plans that meet modern standards for data protection. Forty-one percent of small businesses readily store and back up company data on portable USB devices – which may be used by family members, get lost, or even stolen.
Businesses still unaware of risks
Legal professionals trailed the field, with 78 percent of lawyers reporting they were either not at all concerned, not that concerned or only somewhat concerned about the security of their company data for employees using personal devices for work.
While financial services and medical firms are more concerned about the security of their company data than companies in real estate, construction, and law, the majority (more than two-thirds) in each of those industries expressed a lack of concern for risk of loss and security of company data. This lack of discipline creates unnecessary risk in the protection of company and customer data. The numbers do not lie: very important people have very important data that should be better protected.
Without adequate backup and other data security policies, many businesses are ill prepared to protect company and customer data in the event of a hard drive crash, loss or theft.
The survey shows that 30 percent of companies suffered a hard drive crash in the past year. In 70 percent of those cases, data was not fully recovered.
The risk of lost or stolen data is more serious than ever with changing work habits and more employees holding sensitive company data on personal devices. With the start of the new year's business travel season and a larger number than ever of professionals on the road, they carry sensitive company or client data with them on their laptops, tablets and smartphones.
The Mozy survey shows that one in nine businesses have experienced the theft of a laptop, and in 98 percent of such cases they were not able to recover all of the lost data.
While just over two-thirds of companies surveyed do have formal backup processes, most are using antiquated methods such as external hard drives with no online backup connection, or tape. Both are extremely susceptible to failure in the event of an on-site disaster.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.