You may be one of the many staff (WFH or otherwise) who need confidentiality training, according to a cybersecurity study.
While working from anywhere, remote-working teams need to work on confidential information outside of the safe confines of the physical office. Not every document or its contents is clearly defined as confidential, and this may lead to delays or inadvertent leaks.
According to a study of 408,929 employees worldwide in May this year, 24% were unsure whether the information they were working with was confidential or not. This could mean that information that ought not to be shared with others outside the organization was at risk of leaking out, without the employees being aware of the hazard.
If confidential information falls into the wrong hands, it could harm the company in a variety of ways. Some information could be market sensitive; some could impact the organization’s reputation or could breach data privacy regulations; and leaked log-in information could give cybercriminals access to business-critical internal systems.
The construction, education, transport and retail sectors in the survey were found to be most at risk: around 34–35% of respondents in these sectors were unsure about the status of the information they were working with. In banking and finance, the proportion was 16%.
According to Kai Roer, Research Director of KnowBe4 Research in Norway, which conducted the study: “Sectors like banking and finance are, on the whole, more used to dealing with confidential information and probably have better routines and procedures for this. We see a clear link between the various aspects of security culture. The organizations that do well in one area, generally also do well in other areas. Unfortunately, IT security is equally important for everyone, regardless of business sector. This has been demonstrated by a series of cyberattacks in Norway over the past year.”
A matter of training and follow-up
According to the firm, this problem is the result of insufficient training of workers by managers. “The figures indicate that the issue has generally not been properly explained to or followed up with employees. When someone starts a new job, they are given access to a lot of information. It is the manager’s responsibility to follow up and ensure that their employees are confident in their role and know how to handle the information they encounter. It is equally important to ensure that employees handle confidential information correctly as time goes on. It is not enough just to provide training when people join the organization,” Roer added, referring to non-disclosure agreements (NDAs) specifying what can and cannot be shared, at the time of issuing employment contracts.
However, as new confidential information is always being produced, NDAs need to be followed up with constant and updated guidance and briefings as needed. Cybercriminals are constantly working to develop more sophisticated attack methods to entrap remote workers who are not sure about what information they can or cannot disclose.