Stronger Data Protection Laws Needed

exposed data

Cyber security company Sophos has announced the results of its latest research, highlighting attitudes among end-users towards security and data protection across Europe. The research, conducted by Vanson Bourne, reveals that 84 per cent of respondents agree Europe needs stronger data protection laws, but 77 per cent are not confident their organisations comply with the current regulations.

Of the 1,500 professional consumer and office workers surveyed across the UK, France and Germany, the majority confirmed that they were concerned about both their personal data (79 per cent) and their corporate data (65 per cent). However, while 91 per cent of respondents had at least one safeguard in place when it came to protecting personal data, only 59 per cent had anti-virus. Furthermore, almost half (49 per cent) said their organisation either did not have a data protection policy in place, or if it did had not communicated this to its employees.

The research, which was designed to gauge end-users’ understanding and awareness of data protection ahead of the new EU reforms, showed that of those surveyed, only 23 per cent were completely confident their organisations complied with current data protection regulations. 50 per cent confessed to either: not knowing what encryption was (7 per cent); not knowing whether their organisation had it in place (23 per cent); or said that their organisation did not have it in place (20 per cent). Only 23 per cent could confirm if their organisations encrypted both employee and customer data.

Mobile device security

The report also examined end-user attitudes to mobile device security with nearly all respondents (98 per cent) agreeing that the data is to an extent more important than the device itself. However, despite this, a quarter confessed to storing corporate information on their personal laptops and mobile phones, with almost one in five (19 per cent) revealing they had lost a personal or mobile device at one point.

Furthermore, when it came to securing mobile devices, while the majority (64 per cent) of respondents’ organisations implemented passwords to secure mobile devices, only 31 per cent of those with company phones knew if they were encrypted as well. This compared with 51 per cent of those with company laptops who could clarify their laptops were encrypted, highlighting the continued willingness to accept mobiles as a risk.

Sharing data

The majority of respondents agreed that information was the most valuable asset, with almost all (95 per cent) saying that they needed to share, send and access corporate data from any device or location in order to work effectively. The research also unveiled that 66 per cent of respondents do not always check whether the data is safe to share, and in order to share data more easily two thirds (64 per cent) were prepared to use shadow IT and personal cloud services to circumvent their organisations’ IT restrictions and security policies.

Attitudes to cloud storage also differed in each country. Overall, 31 per cent said their organisation allowed them to use cloud storage solutions like Dropbox in the workplace. However in the UK this increased to 44 per cent, with only 27 per cent allowed in France and 23 per cent in Germany. A further 11 per cent were not allowed to use cloud storage solutions like Dropbox but did so anyway. Likewise it was respondents from the UK who were more likely to share data in the cloud: 52 per cent versus 40 per cent in France and 34 per cent in Germany.

Views on current data protection legislation across Europe

61 per cent of respondents said it was important we have stronger laws on data protection governing all European countries. Interestingly, this broke down to 54 per cent of respondents in the UK, 68 per cent of respondents in France and 62 per cent in Germany.

There were also differences in opinion between the three countries with regard to the security of personal data: at 86 per cent, France was more concerned than either the UK (78 per cent) or Germany (74 per cent). Germany was particularly unconcerned about cyber criminals getting hold of data (29 per cent), compared with 49 per cent in France and 45 per cent in the UK. Equally, France was more concerned about the security of corporate data (76 per cent) compared to 62 per cent in the UK and 59 per cent in Germany.

Interestingly, 60 per cent of employees in the UK, compared with 43 per cent in France and 50 per cent in Germany, said their organisation had a data protection policy and it had been clearly communicated. In addition, the larger the organisation, the more likely users were to be aware of a data protection policy.

Gerhard Eschelbeck, CTO, Sophos says: “With cybercrime at an all-time high organisations need to ensure the right data protection policies are in place to safeguard employee and customer data. It’s clear from this research that despite the majority of end-users understanding the importance of information and the need to safeguard it, they are still prepared to ignore the dangers to make their lives easier. If we are to beat cybercrime, organisations need to ensure that the right policies are in place, not only to safeguard business critical information but also meet the needs of the employees.”