Bosses fingered as worst data security offenders

Bosses must be data savvy or dieBosses might come down hard on their staff for even the slightest data security misdemeanour but they should actually be looking closer to home, as UK chiefs are far more likely to leak an organisation’s most confidential and sensitive information than anyone else.
That is according to research from Iron Mountain, which claims that business leaders are the worst offenders when it comes to mismanaging sensitive information.
Over half (57%) chief executives and managing directors questioned confess that they have left business-sensitive or confidential information on the printer for all to see: just under half (49%) have used a personal email account to send sensitive business information and 40% have sent information over an insecure wireless network.
Meanwhile 43% have disposed of documents in a potentially insecure bin and 39% admit to having lost business information in a public place.
In comparison to employees across all levels, bosses topped the list of information-management sinners in all of these instances.
In fact, one in seven (14%) admit that they do not follow company policies governing information security because they find them too complicated, while 6% say they are completely unaware of any policies in this area.
Iron Mountain UK commercial director Elizabeth Bramwell said: “Our research shows that business leaders are more likely to put sensitive information at risk than any other employee. They tend to bypass the very protocols designed to keep information secure. Given the potential consequences, this is concerning.
“The financial penalties for companies who fail to meet data handling and security obligations are getting more severe. But getting it right is not just about avoiding fines; the reputational damage associated with a data breach can erode customer loyalty and impact the bottom line.
“For many, it will require a cultural shift, with the example set at the very top. Unfortunately, it would appear that many companies are falling woefully short of what is required.”

Related stories
UK customer data ‘is still at risk’ despite US deal
EU sets May 25 2018 as GDPR implementation date
Industry on alert as EU reviews online privacy laws
Data consent ruling rocks industry
ICO evidence exposes mass abuse of the TPS rules
1,000 firms probed as ICO goes to war on rogue data
New call for customers to sell data
Our data is worth loads, say public
Personal data ‘worth a fraction of 1p’
Personal data to be worth €1trillion
‘Paltry’ prices for personal data