83 percent of US organizations have accidentally exposed sensitive data
According to a new survey 83 percent of security professionals believe that employees have accidentally exposed sensitive customer or business data at their organization.
The study from data protection specialist Egress also finds that accidental data breaches are often compounded by a failure to encrypt data prior to it being shared -- both internally and externally.
The five most common technologies that have led to accidental data breaches by employees are external email services like Gmail and Yahoo (51 percent), corporate email (46 percent), file sharing services like FTP sites (40 percent), collaboration tools such as Slack and Dropbox (38 percent), and SMS/Messaging Apps like G-Chat and WhatsApp (35 percent).
Common errors that lead to data breaches include accidental sharing or sending to a wrong email address, forwarding of sensitive data, sharing attachments with hidden content, and forwarding data to personal email accounts.
The survey finds that a large majority of organizations fail to encrypt data before it's shared. 79 percent of organizations share PII or sensitive business data internally without encryption and 64 percent of organizations share sensitive data externally without encryption.
New privacy regulations are driving change though. When asked how new data regulations have affected how information was shared, respondents say they implemented new security policies (59 percent), invested in new security technologies (54 percent), invested in regular employee training (52 percent) and restricted the use of external data sharing tools (44 percent).
"The explosive growth of unstructured data in email, messaging apps and collaboration platforms has made it easier than ever for employees to share data beyond traditional security protections -- combine this with the growing cultural need to share everything immediately, and organizations are facing the perfect storm for an accidental breach," says Egress chief revenue officer and NA general manager Mark Bower. "What really stands out in the survey though, is that despite onerous regulations being enacted, companies are still failing to encrypt data before enabling employees to share it. Encryption is a well-known best practice that can prevent accidents from leading to a major incident resulting in hefty compliance penalties."
You can get hold of a copy of the full report from the Egress website.