May 15, 2014
We’ve all heard the stories in the news. Hackers get into a company’s database and wreak havoc. These attacks cause so much damage that the fallout can last months beyond the attack. We saw this happen last week when the CEO of Target resigned over the company’s 2013 holiday hacking scandal.
These high-profile hacks at major corporations get a lot of media attention. At SMBs, though, IT professionals know that the internal security issue is the real threat, and it is something every employee must work to combat.
A recent survey sponsored by Carbonite provided evidence that IT professionals at SMBs are not overly concerned with outside hackers trying to steal data. The survey questioned 500 IT professionals at SMBs with fewer than 100 employees. When asked about their level of concern over outside threats, only 22 percent of those surveyed said such a threat was either “very” or “somewhat” likely. By contrast, an overwhelming majority (78 percent) said an outside threat was either “somewhat” or “very” unlikely.
On the other hand, internal threats were a major issue for respondents. Those surveyed were asked, “Which of the following, if any, would you rather have employees bring into the workplace compared to their personal cloud applications?” Respondents said they would rather have things like last night’s leftovers, children, pets and the flu. While humorous on the surface, the numbers were not funny. Seventy-one percent said they would rather have employees introduce some kind of significant distraction or interruption to the workplace than personal cloud applications.
Respondents were also asked about “Rogue IT” - employees going around IT policies and introducing their own applications to their companies’ networks. Those surveyed were nearly evenly split.
When asked, “How strongly do you agree or disagree with the following statement: ‘Rogue IT is an issue at my company,’ meaning, employees go around the IT department when making IT decisions,” 49 percent agreed employees were practicing “Rogue IT,” while 51 percent did not see this as an issue. Nevertheless, 76 percent said at least some employees were using their own personal cloud-based applications for work-related functions.
Surprisingly, “Rogue IT” takes place in spite of an overwhelming majority of respondents – 83 percent – saying they have formal data security policies and procedures in place for employees. Also, although only seven percent of those surveyed rated employees’ level of understanding as “below average” or “terrible,” only one-fifth felt employees’ understanding was “perfect.”
IT pros at SMBs obviously have little faith in their fellow employees’ adherence to security programs. That is a problem. Security is the responsibility of everyone in the company, not just the IT department. With the importance of data security so high these days, there should be zero tolerance for ignored policies and procedures. Based on these results, we’re not there yet.
Employees play a critical role in securing data. SMB owners need to emphasize the broader, holistic ways in which every employee is a custodian for the business, such as by offering workshops on data security or doing regular checkups for their mobile devices.
In the absence of 100% compliance, SMBs must take precautions against the potential threat from within. They need to automatically back up their data both locally and to the cloud in a “hybrid cloud” backup solution. At least then, if this lack of compliance results in data loss, that data can be recovered and the business will not encounter loss of profit, loss of customers and other negative business impacts.