Even when people are fully aware of the dangers of using unapproved cloud services and personal email accounts, people still use ’em.
And it gets worse! They’re more likely to email work documents to their personal accounts, move documents via cloud apps that IT doesn’t know they have, and lose devices that would give whoever found them unrestricted access to company data. Basically, in every way that Softchoice measured, the youngest workers were the most likely to lose data or leave themselves open to hacking.
But – here’s the kicker — they’re also the most informed about the risks. Younger workers were also the most likely to say that their company has a clear policy on the downloading of cloud apps; that their IT departments have communicated about the risks of cloud apps; and that their workplace has a clear policy on how to protect information.
So the theory that if we simply educated and trained people to take security seriously the problem would be a long way towards solved, appears to be just flat out false. They know the risks, they know they aren’t supposed to do these things, but for the sake of easy access to work information, they do it anyway.
I honestly don’t know that we can train for security. Even when a company has been involved in litigation, and had to review employees personal devices for relevant information, those employees still turn around and do the same thing. Personally, that’s the reason I don’t mix my personal and business information, but I work remotely and have access to cloud based tools, if I didn’t, I might be tempted, and I say that as someone who lives and breaths e-discovery. If anyone should fear the mingling of personal and work data, it should be me, and I still wouldn’t do it.
No, the only real solution is providing convenient, yet secure, tools at the Enterprise level. Obviously, we’re not there yet.