Although they handle their organisation’s most confidential and sensitive information, mid-market MDs and CxOs could be the weakest link when it comes to safeguarding that information, it is suggested.
Research into information management and security practices in the mid-market commissioned by a storage and information management contract company, Iron Mountain, suggests that business leaders are the worst offenders when it comes to mismanaging sensitive business information.
Over half (57pc) the CxOs/MDs questioned say they have left business-sensitive or confidential information on the printer for all to see: just under half (49pc) have used a personal email account to send sensitive business information; 40pc have sent information over an insecure wireless network; 43pc have disposed of documents in a potentially insecure bin, and 39pc admit to having lost business information in a public place. In comparison to employees across all levels of mid-market companies, CxOs topped the list of information-management sinners in all of these instances.
When it comes to following processes designed to protect the integrity of information, ensure it is managed securely and remains compliant with company policies and/or legal requirements, one in five (21pc) CxOs responding to the Iron Mountain research say the find the processes too complex and look for a workaround. A further one in seven (14pc) don’t follow company policies governing information security because they find the policies too complicated, while 6pc say they are completely unaware of any policies in this area.
The research shows that facilities and office managers come a close second to CxOs in their data handling bad habits, with over half (56pc) admitting to taking sensitive or confidential information out of the workplace and 48pc having sent such information to the wrong recipient. At the other end of the scale, administrative staff rate well in comparison, but are still guilty of mismanaging information. Just under a third (29pc) have left confidential information on the printer, one in five (21pc) admit to having mislaid data or sending it to the wrong person and 15pc admit to losing company documents in a public place.
Comment
Elizabeth Bramwell, Commercial Director at Iron Mountain UK, said: “Our research shows that business leaders in the mid-market are more likely to put sensitive information at risk than any other employee. They tend to bypass the very protocols designed to keep information secure. Given the potential consequences, this is concerning. The financial penalties for companies who fail to meet data handling and security obligations are getting more severe. But getting it right is not just about avoiding fines; the reputational damage associated with a data breach can erode customer loyalty and impact the bottom line. With the stakes so high, companies need to put the policies and processes in place to support good information governance. On its own this may not be enough: companies must promote behaviours that protect sensitive company information. For many, this will require a cultural shift, with the example set at the very top. Unfortunately, it would appear that many mid-market companies are falling woefully short of what is required.”
About the research
The research was for Iron Mountain by Opinion Matters, who surveyed a total of 4006 workers in companies with between 250 to 3,000 employees (250 to 5000 in North America) across the UK, France, Germany, The Netherlands, Belgium, Spain and North America. Respondents were drawn from the manufacturing, engineering, insurance, financial services, legal, pharmaceutical and energy sectors, with job roles in HR, legal, IT, MD/CXOs, procurement, sales, marketing, facilities / office managers, admin including PAs and secretarial roles, and people deemed responsible for managing information. The research was via online interviews and undertaken in April and May 2016.
