Employees’ Reasons for Not Using Secure Communications

How heavily do you invest in cybersecurity? How much of that is in your communications infrastructure? Regulations and compliance requirements, customer or client demand and simply maintaining your business’s reputation all contribute to the need to have a secure communications infrastructure. You may think you have this covered; in fact, today, many companies’ IT budgets are focused on cybersecurity spending. But having the tools, training and policies are only half the battle. If your employees are not using the solutions you’ve invested in, they become your largest liability in your security platform.

In a study commissioned by Biscom, we explored why companies that purported to have mechanisms to protect their data still experienced data loss and we uncovered a surprising cause. It turns out that when it comes to sharing data, information and documents, no matter how sensitive the information may be, employees regularly turn to email as the default method for sharing. By doing this, they unintentionally become the most significant breach candidate because they’re not using available security solutions.

Companies Are Putting In the Effort

Security initiatives at the corporate level aren’t going unnoticed by employees. According to the study, the majority of employees understood that their company invests heavily in securing company data. In fact, 98% of respondents stated that their company cares about data security and 93% said that their company proactively invests in keeping data safe. Specifically, 95% reported that their company provides tools for securely sharing information and files and 85% said their company has policies about sharing and delivering documents and information. Additionally, 88% of respondents reported their company trains employees on properly using secure methods of information sharing and delivery.

Employees Admit to Noncompliance

Unfortunately, the survey revealed that while 78% of respondents said they understood and agreed with their companies’ security policies, many respondents reported insecurely sharing information both internally with their colleagues (74%) and externally (60%). This noncompliance spanned all age groups, and both millennials and older generations admitted to using insecure methods to transfer information in and out of their companies.

When asked to explain this noncompliance, the biggest reasons cited were the high level of complexity of the provided tools and the amount of additional time it took to perform their job. In fact, 60% said they do what’s easiest when deciding how to send sensitive documents—and 70% said what’s easiest is email. Interestingly, the data show similar attitudes in both millennials and older generations.

How To Improve Data Security

Beyond onboarding, companies should conduct training and education regularly to keep security best practices top of mind. Annual cybersecurity training is not enough; instead, companies should strive to instill a cybersecurity culture throughout their organizations. Companies tend to go through an evolution that starts with employees exhibiting little concern, then assuming that security is an IT responsibility, and eventually embracing good cybersecurity practices. This progression can be accelerated by positive reinforcement through training and strong examples by leadership. Firms that have provided secure solutions yet seem to have low adoption should distribute anonymous employee surveys to collect feedback on the current tools and practices. Try to ascertain the specific tasks that are left undone and the root causes for areas of low compliance. Look for strategies to address these core issues to get to a more mature view of security.

In addition to a strong culture of cybersecurity awareness, providing tools to securely send information is also important. When evaluating solutions, once you narrow them down to those that meet your feature requirements, prioritize the ones that focus on intuitive user experiences. Biscom’s study found that ease of use is paramount in increasing those adoption numbers, with 35% of respondents complaining that existing secure communications tools lack integration with existing systems and applications.

With stricter regulations such as GDPR, as well as the costly impact of data breaches, it’s critical now more than ever that companies clearly understand threats and know how to address them in the form of policies, processes and tools. When considering a solution that addresses your organization’s security and compliance needs, assess usability for each individual as well as teams that need to collaborate. Providing regular employee training, oversight and accountability, with the goal of each employee taking on responsibility for good cybersecurity hygiene, will help ensure you’re achieving the level of threat protection you’ve invested in.

Featured eBook
7 Must-Read eBooks for Security Professionals

7 Must-Read eBooks for Security Professionals

From AppSec to SecOps, Security Boulevard eBooks deliver in-depth insights into hot topics that matter to the Cybersecurity and DevSecOps professionals. Our staff of writers are the best in the business, with decades of practical and award-winning experience and credentials. We are excited to share our 2019 favorites. Take a look and download some of ... Read More
Security Boulevard

Bill Ho

Bill Ho is the CEO of Biscom, a software company that helps organizations share information securely through secure fax, email, collaboration, and file sharing for regulated industries, most notably healthcare. Prior to Biscom, Bill held roles at Oracle and CNET.com before founding a company that pioneered cloud storage and secure collaboration. Bill received his BS Computer Science from Stanford, MS Computer Science from Harvard, and his MBA from MIT Sloan. Bill also serves on the President's Council for Beth Israel Lahey Health.

bill-ho has 1 posts and counting.See all posts by bill-ho