Nearly two thirds (62 percent) of European and close to half (47 percent) of North American mid-market companies believe their marketing teams have the best skills to extract value from information, and around half (46 and 57 percent respectively) say the same for customer service. However, less than one percent think these teams should have a responsibility for its protection, according to a report[i] by storage and information management company Iron Mountain and PwC.
Many organisations are unaware that this failure to link employee access to information and accountability represents a serious threat to the security of their information. The 2014 Information Risk Maturity Index revealed that the majority of firms expect the IT security manager to grant free access to marketing and customer-facing teams to help them reach new customers and markets (60 percent) and improve customer service (80 percent). However, in over a third of companies (39 percent), the responsibility for information security is placed firmly at the feet of the IT security manager rather than the employees with access to the information.
Free Download: Is An Outright Ban On Workplace Social Networking A Good Idea?
When it comes to the secure management and destruction of company information, the evidence suggests that marketing professionals are far more likely to engage in high-risk behaviour[ii] than other job roles. Consequently, there is a clear need to introduce protection and accountability for sensitive and confidential data that is supported by appropriate guidelines and training.
Examples of high-risk behaviour include taking company sensitive information out of the office to work from home or working on confidential documents while traveling on public transport. The study found that one in three (35 percent) marketing professionals work from home two to four times a week–more than any other job role reviewed–and that they are the most likely to look at business-sensitive work while commuting on public transport (35 percent). Marketers are also most likely among other employees to send or receive work documents over a personal email account (48 percent), at times via an insecure wireless network (12 percent), and often discard documents in their waste bin when working away from the office (28 percent).
Christian Toon, Head of Information Risk at Iron Mountain, said: “The 2014 Information Risk Index reveals that companies everywhere are struggling to make the most of their information while keeping it secure. Making data accessible for analysis and intelligence is essential for business growth, but the employees who use that data must know how to protect it. Our study of European office workers found that just a third of employers provided secure remote intranet access for marketing professionals working remotely. It is imperative that organisations recognise the gap between data security in the office and at home and bridge this as a matter of urgency.”
The 2014 Information Risk Maturity Index is the third annual study to measure how prepared companies are to manage and respond to information risk and address other key information trends. PwC surveyed senior managers at 600 European and 600 North American businesses with 250 to 2500 employees, as well as an additional 600 firms across both continents with up to 100,000 employees. All firms operate in the legal, financial services, pharmaceutical, insurance and manufacturing and engineering sectors.
The full report Beyond Good Intentions: The need to move from intention to action to manage information risk, can be found here.
[i] The third Information Risk Maturity Index surveyed 1,200 mid-sized businesses (250-2,500 employees) and 600 enterprise businesses (over 2,500 employees) in Canada, France, Germany, Hungary, the Netherlands, Spain, the United Kingdom, Norway and the United States.
[ii] Research by Opinion Matters for Iron Mountain. The survey was carried out between 15/04/2013 and 01/05/2013. Sample: 5021 employed adults in the UK, France, Spain, Germany and the Netherlands.
About Iron Mountain
Iron Mountain Incorporated (NYSE: IRM) is a leading provider of storage and information management solutions. The company’s real estate network of 64 million square feet across more than 1,000 facilities in 36 countries allows it to serve customers around the world. And its solutions for records management, data backup and recovery, document management and secure shredding help organisations to lower storage costs, comply with regulations, recover from disaster, and better use their information for business advantage. Founded in 1951, Iron Mountain stores and protects billions of information assets, including business documents, backup tapes, electronic files and medical data. Visit www.ironmountain.co.uk for more information.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.