By Daniel Hunter
Research conducted by Varonis, the leading provider of comprehensive data governance software, has found that the vast majority of people expect businesses to protect their data - despite the high number of security breaches reported. The study found that while most respondents have good security practices, they still engage in high-risk behaviours that could enable hackers to breach their data.
The research revealed that an overwhelming 91% of respondents assume businesses protect their personal data and online identities, despite data breaches having been reported for 93% of large organisations and 87% of small businesses in 2013. Overall, the study shows that data security is highly valued: 97% are more willing to do business with a company that protects data and more than half (54%) would pay a premium if they feel a company is protecting their data.
The respondents exhibited several online security habits that would score fairly high on any security report card. The study found that 71% look at the fine print of the end-user license agreements and terms of service. Mobile security is also high on their agenda, with more than three out of four (77%) password-protecting their phone and almost half (47%) even using two-factor authentication for their personal email and online services.
Unfortunately, Varonis also found that there are some troubling bad habits. While respondents are dutifully password-protecting their phones, 61% always or frequently use the same password across multiple websites or applications - putting personal information across their accounts in danger. Two thirds of respondents (67%) admit to or suspect having sent unencrypted personal information to a business in an email.
“It is encouraging that people are seeking out companies that are better at securing their data - however, the vast number of breaches occurring on an almost daily basis indicates that businesses, just like individuals, are still struggling to get the basics right in securing their data,” David Gibson, Vice President at Varonis, explains.
Individuals need to focus on eliminating bad “digital” habits and take more control of their security. Businesses have their part to play by making sure IT departments implement basic security best practices.
For individual consumers:
1. Know where your personal information is, who can access it, and understand what service providers can do with your data without opt-out consent
2. Never send unencrypted PII or other sensitive data (especially account numbers, credit card and social security numbers, and health information) in an email
3. Pick strong passwords (a mix of upper and lower case, numeric, and special symbols) and use a unique password for each site; password managers are a big help with this
For IT departments:
1. Put basic controls around your sharable, cloud-based data by applying the 4 A's:
- Authentication: verify anyone accessing an account is who they claim to be — multi-factor is better
- Authorisation: make sure employees only have access to the data they need
- Auditing: all access must be monitored
- Alert: analyse activity for potential abuse
2. Make sure employees use protected, authorised platforms
3. Focus on the balance between productivity and security: employees need a modern work experience that doesn’t put organisational data at risk