One in three companies take compliance risks
Posted on 02 October 2012.
Although companies have corporate security and compliance policies and solutions in place, there is a widespread lack of confidence in their effectiveness. According to a DataMation survey, 84% of respondents believe employees/co-workers violate security and compliance policies for transferring files electronically, and only 45.5% feel these policies are fully understood.

Adding to respondents’ compliance woes, nearly one in three admit their company knowingly takes risks because they don’t have the resources to be totally compliant. Considering these results, it’s no surprise that only 37.5% of respondents state they are very confident that their organization would pass a compliance audit if selected.

The survey polled more than 200 IT and business decision-makers across the U.S. and Canada to gain insight into corporate email and FTP habits. The survey particularly focused on those in industries that routinely deal with sensitive data and compliance regulations, such as financial services, healthcare and government.

Though 80% said their company has security and compliance policies for transferring files electronically, respondents feel they are not clearly understood or followed.
  • Only 45.5% of this group feel employees/co-workers fully understand these policies.
  • 84% believe employees/co-workers routinely or occasionally violate security and compliance policies.
Consumer-based applications for sharing files often have weak security and IT administrative controls, leading to potential data leakage and serious risks with sensitive information if used in the workplace. Despite this:
  • 34.2% of respondents have used, or recommended that others use, free consumer-type file transfer services such as YouSendIt, Dropbox, iCloud, etc. for work purposes.
  • 43.4% stated their company does not forbid the use of free consumer-type file transfer services.
  • 52% said their company does not block the URLs to free consumer-type file transfer services.
The ability to send sensitive information securely and compliantly via email is vital. Yet, despite growth in usage, survey data shows many companies are still lacking basic tools for secure data delivery.
  • 34.5% of respondents do not have the ability to encrypt email.
  • 28.9% said their company does not monitor the content of outbound email and file attachments for compliance purposes.
  • 42.5% are only “somewhat” confident in the technology their company uses for filtering outbound email and file attachments for compliance purposes, and an additional 3.8% are not confident at all.
  • 54% do not have a single tool for securely encrypting sensitive email and transferring files.
Failing to pass a compliance audit can result in costly fines and damaged reputations. Even so, the survey shows companies are taking risks, either because they lack the resources to fully comply or because they don’t feel it’s likely their organization will be audited.
  • When asked to describe their company’s approach to compliance, 31.5% said they take risks because they don’t have the resources to be totally compliant.
  • 38.6% of respondents feel it is not likely their company will be selected for a compliance audit in the next 12 months, with 37.5% saying it is only “somewhat” likely.
  • Only 37.5% of respondents are very confident their company would pass a compliance audit.
“Data breaches are more prevalent than ever and regulatory agencies are handing out millions of dollars in fines for privacy and security violations, yet this survey shows companies are still cutting corners,” said DataMotion’s CTO, Bob Janacek. “Some companies mistakenly believe suffering a data breach would be less expensive than the cost of being compliant. What they fail to consider is the price they’ll pay goes far beyond compliance fines. In addition to investigation, legal fees and costs associated with new prevention efforts, there’s always severe backlash from a tarnished reputation. The fact is, cost-effective, easy-to-deploy, user-friendly secure data delivery solutions are available that can go a long way in eliminating security risks and ensuring compliance.”




