Research finds business leaders put reputation and long-term success at risk by not following protocol
London, UK. Although they handle their organisation’s most confidential and sensitive information, mid-market MDs and CxOs could be the weakest link when it comes to safeguarding that information. Research into information management and security practices in the mid-market commissioned by leading storage and information management company Iron Mountain (NYSE: IRM) suggests that business leaders are the worst offenders when it comes to mismanaging sensitive business information.
Over half (57%) the CxOs/MDs questioned say they have left business-sensitive or confidential information on the printer for all to see: just under half (49%) have used a personal email account to send sensitive business information; 40% have sent information over an insecure wireless network; 43% have disposed of documents in a potentially insecure bin, and 39% admit to having lost business information in a public place. In comparison to employees across all levels of mid-market companies, CxOs topped the list of information-management sinners in all of these instances.
According to the 2016 Edelman Trust Barometer report[1], which questioned 33,000 members of the general public in 28 countries, trust in CEOs around the globe has risen 8 per cent since 2015 to 49 per cent. This trust could, however, be misplaced when it comes to CxOs’ ability to safeguard company information. Indeed, when it comes to following processes designed to protect the integrity of information, ensure it is managed securely and remains compliant with company policies and/or legal requirements, one in five (21%) CxOs responding to the Iron Mountain research say the find the processes too complex and look for a workaround. A further one in seven (14%) don’t follow company policies governing information security because they find the policies too complicated, while 6% say they are completely unaware of any policies in this area.
The research shows that facilities and office managers come a close second to CxOs in their data handling bad habits, with over half (56%) admitting to taking sensitive or confidential information out of the workplace and 48% having sent such information to the wrong recipient.
At the other end of the scale, administrative staff rate well in comparison, but are still guilty of mismanaging information. Just under a third (29%) have left confidential information on the printer, one in five (21%) admit to having mislaid data or sending it to the wrong person and 15% admit to losing company documents in a public place.
Commenting on the research, Elizabeth Bramwell, Commercial Director at Iron Mountain UK, said: “Our research shows that business leaders in the mid-market are more likely to put sensitive information at risk than any other employee. They tend to bypass the very protocols designed to keep information secure. Given the potential consequences, this is concerning. The financial penalties for companies who fail to meet data handling and security obligations are getting more severe. But getting it right is not just about avoiding fines; the reputational damage associated with a data breach can erode customer loyalty and impact the bottom line. With the stakes so high, companies need to put the policies and processes in place to support good information governance. On its own this may not be enough: companies must promote behaviours that protect sensitive company information. For many, this will require a cultural shift, with the example set at the very top. Unfortunately, it would appear that many mid-market companies are falling woefully short of what is required.”
About the research
The research was undertaken for Iron Mountain by Opinion Matters, who surveyed a total of 4,006 workers in companies with between 250 – 3,000 employees (250-5,000 in North America) across the UK, France, Germany, The Netherlands, Belgium, Spain and North America.
Respondents were drawn from the manufacturing, engineering, insurance, financial services, legal, pharmaceutical and energy sectors, with job roles in HR, legal, IT, MD/CXOs, procurement, sales, marketing, facilities / office managers, admin including PAs and secretarial roles, and people deemed responsible for managing information. The research was conducted via online interviews and undertaken in April and May 2016.
[su_box title=”About Iron Mountain” style=”noise” box_color=”#336588″][short_info id=’60461′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.