Privacy &
Security

Over a third of employees don't know where their security policy is saved.

Do you know where to access your company's IT security policy?

Security policies are completely redundant unless all employees are aware of and actively follow it. But not only are 1/3 of employees unaware of where to find theirs, only 13% of employees interviewed as part of this survey could remember their security policy in its entirety.

The policy itself could simply be pre-installed onto employee's desktops, making it easy to access. Regular quizzing on security measures, perhaps carried out in a pub-quiz format complete with prizes, could work as a fun and engaging way of keeping employees up to speed on their security policy.

Conference
Calling

1 in 4 Senior Managers have experienced a stranger on their conference call.

Has anyone ever joined a conference call you're on that shouldn't have been on there i.e they shouldn't have had access to it, don't have the authority to be involved?

Conference calls have always been a major weak spot in corporate security. People are often too slow to change their PIN codes, offering opportunities for unscrupulous third-parties to eavesdrop and harvest sensitive information.

Despite a quarter of Senior Managers experiencing a stranger on their conference call (that they were aware of), the following amount still admit to discussing such information as internal company trading (27%), corporate issues (34%), and sensitive company information (8%) over the phone.

Consider introducing a conference call service designed with security in mind. At 247meeting, we've tailored a mobile app that dials-out to your guests as opposed to having them dial-in. This ensures no one can join the call without the host's permission, while subsequently eliminating the need for PIN codes and dial-in numbers!

1 in 4 Senior Managers admit to sharing their personal PIN code for conference calls.

Does anyone else ever use your personal conference call PIN?

Although sharing PIN codes seems like harmless practise, it can lead to big problems.

If a Senior Manager shares their PIN code with another employee, that employee could unknowingly schedule a conference call at the exact same time as their Senior Manager. Upon entering this shared PIN code, the employee could inadvertently overhear their manager's call.

Senior Managers have also admitted to discussing employee salaries (31%), employee grievances (25%), and employee's personal details (12%) on conference calls.

Ex-employees could also gain an unfair advantage by dialling this PIN code every now and then in the hope of hearing profitable information to use in their new position.

Communication

Almost half of employees admit to using technology tools to communicate at work without them being password protected.

Of the technology based tools, excluding emails that you use for communication at work, are they all private/password protected i.e you need a personal password/log in to be able to access them?

Businesses can ill-afford to take risks regarding internal communication where some of the most sensitive of business issues are discussed. Yet, employees remain apathetic when ensuring that all their communication tools are password protected.

Alarmingly, many respondents to our survey admitted to using messaging services that aren't even encrypted to talk about work issues, including SMS (21%), Twitter (8%), Snapchat (4%).

Subscription-based internal communication services centred on security and privacy are the safest way to conduct internal communication. With a number to choose from, finding the right messaging service for your company has never been easier.

There's also a host of password managing applications that can assist employees in staying vigilant. These programs generate and retrieve complex passwords when needed, avoiding the all too common blunder of applying the same password on every site.

GDPR

26% of employees that have access to customer data haven't been trained on GDPR despite huge potential fines for their company.

If you have access to customer data, has your company trained you on GDPR?

In recent years, customer data has become a highly lucrative commodity. Reflecting this, there's been a noticeable increase in the number of data breaches around the world. In response, the EU implemented stringent new laws in data protection and storage in order to keep customer data safe.

Many smaller organisations have unwittingly adopted a laissez-faire attitude towards GDPR under the assumption that a data breach is unlikely to ever occur. This "it will never happen to me" optimism bias is partly to blame on the lack of coverage smaller data breaches receive in the press. But with fines put in place to seriously maim businesses of every size, no organisation can afford to take risks with any of the customer data in their possession.

Remote
Workers

Those permanently working remotely are least likely to have been trained on their company's GDPR policy.

If you have access to customer data, has your company trained you on GDPR?

When prowling for any potential weak links to exploit, hackers tend not to discriminate between office-based employees and employees who work from home. But there appears to be a surprising lack of urgency in bringing remote workers up to speed on GDPR.

A further 60% of remote employees admit to being unaware of how to find their company's IT security policy or weren't even sure if their company had one at all!

With a growing number of employees opting to work remotely, it's important to remember that these employees are as accountable for upholding security measures as any other office-based employee. A greater effort must be made to keep these employees up to date on any new policies.

Industry
Breakdown

Top 10 industries least likely to know where their security policy is saved.

IT security policies should be central to any IT department's work. Yet astonishingly, 27% of those working in IT admitted to having no idea where to find their security policy! Similarly with Law Enforcement & Security, where almost 52% of respondents admitted to not knowing where to find their IT security policy.

There also seems to be a lack of awareness in major industries where customer data is regularly used, like Marketing, Advertising & PR, as well as Social Care. Half of those in Publishing & Journalism admitted to being none the wiser about their security policy, despite the fact that confidentiality is a major concern for journalistic sources.

In bringing everyone up to speed, it's worth instilling the idea that security isn't just the responsibility of the Security Department, but that each employee is a bastion of their company's security policy and needs to play their part.