Employees have too much access to sensitive data

Data privacy

Lax policies and a lack of control is giving far too many employees access to sensitive data according to the latest Global Data Risk Report from data security specialist Varonis.

The report, based on analysis of Data Risk Assessments conducted by Varonis in 2017 for customers and potential customers on their file systems, uncovers some startling figures, with 58 percent of organizations found to have more than 100,000 folders open to all employees.

In an average company the report finds 21 percent of all folders are open to everyone. In addition 41 percent have at least 1,000 sensitive files open to all employees. Of companies with more than a million folders, 88 percent have more than 100,000 open to everyone.

Much of the problem lies with policies and controls governing stored data. On average, 54 percent of an organization's data is stale, which adds to storage costs and complicates data management. Also 34 percent of user accounts are enabled, but are stale, 'ghost' accounts who still have access to files and folders. The findings also show 46 percent of organizations have more than 1,000 users with passwords that never expire.

With GDPR on the horizon, companies are under pressure to put their houses in order. "The report demonstrates that there's still quite a lot of work to do to try and get these numbers under control," Matt Lock, director of sales engineers, UK at Varonis says. "We've never done more of these assessments than we are now, which means people are taking this stuff seriously. The positive thing is that companies have begun a process of starting to lock data down and fix the issues. For companies that haven't started to create digital asset registers and get a grip on the data they hold this is a really powerful report that will show companies they need to act."

You can read more about the findings in the full report which is available from the Varonis website.

Image credit:  Photojog/depositphotos.com

© 1998-2018 BetaNews, Inc. All Rights Reserved. Privacy Policy.