By David Gibson
Research conducted by Varonis has found that the vast majority of people expect businesses to protect their data – despite the high number of security breaches reported. The study found that while most respondents have good security practices, they still engage in high-risk behaviours that could enable hackers to breach their data.
The research[i] revealed that an overwhelming 91% of respondents assume businesses protect their personal data and online identities despite reported data breaches for 93% of large organisations and 87% of small businesses in 2013[ii].
Overall, the study shows that data security is highly valued: 97% are more willing to do business with a company that protects data and more than half (54%) would pay a premium if they feel a company is protecting their data.
The respondents exhibited several online security habits that would score fairly high on any security report card. The study found that 71% look at the fine print of the end-user-license agreements and terms of service. Mobile security is also high on their agenda, with more than three out of four (77%) password protecting their phone and almost half (47%) even using two-factor authentication for their personal email and on-line services.
Unfortunately, Varonis also found that there are some troubling bad habits. While respondents are dutifully password-protecting their phones, 61% always or frequently use the same password across multiple websites or applications – putting personal information across their accounts in danger. Two thirds of respondents (67%) admit to or suspect having sent unencrypted personal information to a business in an email.
It is encouraging that people are seeking out companies that are better at securing their data – however, the vast number of breaches occurring on an almost daily basis indicates that businesses, just like individuals, are still struggling to get the basics right in securing their data.
Individuals need to focus on eliminating bad “digital” habits and take more control of their security. Businesses have their part to play by making sure IT departments implement basic security best practices.
Best practices for individual consumers:
1. Know where your personal information is, who can access it, and understand what service providers can do with your data without opt-out consent
2. Never send unencrypted PII or other sensitive data – especially account numbers, credit card and social security numbers, and health information—in an email
3. Pick strong passwords—mix of upper and lower case, numeric, and special symbols—and use a unique password for each site – password managers are a big help with this
Best practices for IT departments:
1. Put basic controls around your sharable, cloud-based data by applying the 4 A’s:
• Authentication: verify anyone accessing an account is who they claim to be – multi-factor is better
• Authorisation: make sure employees only have access to the data they need
• Auditing: all access must be monitored
• Alert: analyse activity for potential abuse
2. Make sure employees use protected, authorised platforms
3. Focus on the balance between productivity and security—employees need a modern work experience that doesn’t put organisational data at risk
[i] Privacy survey conducted by Varonis in April 2013 with 200 IT professionals
[ii] The 2013 Information Security Breaches Survey, published by the Department for Business, Innovation and Skills (BIS) and conducted by PwC in conjunction with Infosecurity Europe To download the full privacy research report, visit http://info.varonis.com/privacy-report
About the author and Varonis
David Gibson is Vice President at Varonis.
Varonis is a leader in unstructured and semi-structured data governance software. Based on patented technology and a highly accurate analytics engine, Varonis solutions give organisations total visibility and control over their data, ensuring that only the right users have access to the right data at all times from all devices, all use is monitored, and abuse is flagged. Varonis makes digital collaboration secure, effortless and efficient so that people can create and share content easily with whom they must, and organisations can be confident their content is protected and managed efficiently.
Voted one of the "Fast 50 Reader Favorites" on FastCompany.com, and winner of the SC Magazine Innovation, Product or Service of the Year, and Best Network Security Awards, Varonis has more than 4,500 installations worldwide and is headquartered in New York, with regional offices in Europe, Asia and Latin America.
Varonis, the Varonis logo, DatAdvantage®, DataPrivilege® and the IDU Classification Framework® are registered trademarks of Varonis® Systems in the United States and/or other countries and Metadata Framework™, DatAnywhere™, and Data Transport Engine™ are under a registration process in the United States and/or other countries. All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.