Cyber security firm Sophos shares the results of its latest research into online security, highlighting attitudes among end-users towards security and data protection across Europe. With comment from Gerhard Eschelbeck, CTO, Sophos.
The research, conducted by Vanson Bourne, reveals that 84 percent of respondents agree Europe needs stronger data protection laws, but 77 percent are not confident their organisations comply with the current regulations. Of the 1,500 professional consumer and office workers surveyed across the UK, France and Germany, the majority confirmed that they were concerned about both their personal data (79 percent) and their corporate data (65 percent). However, while 91 percent of respondents had at least one safeguard in place when it came to protecting personal data, only 59 percent had anti-virus. Furthermore, almost half (49 percent) said their organisation either did not have a data protection policy in place, or if it did had not communicated this to its employees.
The research, which was designed to gauge end-users’ understanding and awareness of data protection ahead of the new EU reforms, showed that of those surveyed, only 23 percent were completely confident their organisations complied with current data protection regulations. 50 percent confessed to either: not knowing what encryption was (7 percent); not knowing whether their organisation had it in place (23 percent); or said that their organisation did not have it in place (20 percent). Only 23 percent could confirm if their organisations encrypted both employee and customer data.
Mobile device security
The report also examined end-user attitudes to mobile device security with nearly all respondents (98 percent) agreeing that the data is to an extent more important than the device itself. However, despite this, a quarter confessed to storing corporate information on their personal laptops and mobile phones, with almost one in five (19 percent) revealing they had lost a personal or mobile device at one point. Furthermore, when it came to securing mobile devices, while the majority (64 percent) of respondents’ organisations implemented passwords to secure mobile devices, only 31 percent of those with company phones knew if they were encrypted as well. This compared with 51 percent of those with company laptops who could clarify their laptops were encrypted, highlighting the continued willingness to accept mobiles as a risk.
Sharing data
The majority of respondents agreed that information was the most valuable asset, with almost all (95 percent) saying that they needed to share, send and access corporate data from any device or location in order to work effectively. The research also unveiled that 66 percent of respondents do not always check whether the data is safe to share, and in order to share data more easily two thirds (64 percent) were prepared to use shadow IT and personal cloud services to circumvent their organisations’ IT restrictions and security policies.
Attitudes to cloud storage also differed in each country. Overall, 31 percent said their organisation allowed them to use cloud storage solutions like Dropbox in the workplace. However in the UK this increased to 44 percent, with only 27 percent allowed in France and 23 percent in Germany. A further 11 percent were not allowed to use cloud storage solutions like Dropbox but did so anyway. Likewise it was respondents from the UK who were more likely to share data in the cloud: 52 percent versus 40 percent in France and 34 percent in Germany.
61 percent of respondents said it was important we have stronger laws on data protection governing all European countries. Interestingly, this broke down to 54 percent of respondents in the UK, 68 percent of respondents in France and 62 percent in Germany. There were also differences in opinion between the three countries with regard to the security of personal data: at 86 percent, France was more concerned than either the UK (78 percent) or Germany (74 percent). Germany was particularly unconcerned about cyber criminals getting hold of data (29 percent), compared with 49 percent in France and 45 percent in the UK. Equally, France was more concerned about the security of corporate data (76 percent) compared to 62 percent in the UK and 59 percent in Germany.
Interestingly, 60 percent of employees in the UK, compared with 43 percent in France and 50 percent in Germany, said their organisation had a data protection policy and it had been clearly communicated. In addition, the larger the organisation, the more likely users were to be aware of a data protection policy. Gerhard Eschelbeck, CTO, Sophos says: “With cybercrime at an all-time high organisations need to ensure the right data protection policies are in place to safeguard employee and customer data. It’s clear from this research that despite the majority of end-users understanding the importance of information and the need to safeguard it, they are still prepared to ignore the dangers to make their lives easier. If we are to beat cybercrime, organisations need to ensure that the right policies are in place, not only to safeguard business critical information but also meet the needs of the employees.”
Additional data
Unsurprisingly, those aged 18-35 were most likely to have lost a mobile device (32 percent of those polled), as opposed to just over 10 percent among respondents aged 36 and over.
The UK has the highest percentage of encrypted company laptops: 62 percent compared to 36 percent in France and 56 percent in Germany. The UK has the highest percentage of encrypted company mobiles: 41 percent compared to 21 percent in France and 32 percent in Germany.
