Too many healthcare employees would share sensitive data
The most recent Dell End-User Security Survey has some found that three in four employees across all industries, including 68 percent of employees at healthcare organizations, would share sensitive, confidential or regulated information under certain circumstances.
Some situations, such as being directed to do so by management (43 percent) or sharing with a person authorized to receive it (37 percent), would seem legitimate.
But others, such as determining that the risk to their company is very low and the potential benefit of sharing information is high (23 percent), or feeling it will help themselves or the recipient do their jobs more effectively (22 percent and 13 percent respectively) play a bit looser with the rules.
[Also: Hacker Kevin Mitnick on the dangers of human factors for health data security]
While employees in financial services were the most open to disclosing confidential or regulated data (81 percent), the healthcare industry, at 68 percent, did not fare much better.
That’s sobering news for those healthcare organizations investing big money in information security technology.
When employees exchange private information, they're often doing so without proper data security protocols in place, according to Dell. Dueling imperatives of needing to be productive and efficient and needing to keep sensitive data secure also create risk.
Organizations should focus on educating employees and enacting policies and procedures that encourage them to secure data, according to the report.
But even with those policies in place, and a clear understanding of the rules, far too many employees still engage in risky data security practices, the survey showed.
Substantial numbers of employees say they connect to public Wi-Fi to access confidential information (46 percent), use personal email accounts for work (49 percent) or have lost a company-issued device (17 percent). Also, more than half (56 percent) say they use public cloud services such as Dropbox, Google Drive or iCloud to share or back up their work. And 45 percent of employees will use email to share confidential files with third-party vendors or consultants.
If there's any silver lining here, it's that employees say they want to do the right thing. Of those who engage in unsafe behavior, 24 percent of respondents said they do so to get their job done; 18 percent said they did not know they were doing something unsafe. Just 3 percent of respondents said they had malicious intentions when conducting unsafe behaviors.
Indeed, while many employees say they struggle with the limitations security practices sometimes put on their day-to-day productivity, the poll shows that substantial majorities don't want to see their company suffer a data breach.
Nearly two-thirds (65 percent) recognize that it's their responsibility to protect confidential information, such as educating themselves on possible risks and behaving in a way that protects their company. And more than one-third (36 percent) say they're very confident in their knowledge of how to protect sensitive company information.
“Today’s workforce is extremely flexible in that they work from a variety of locations on many different devices and have a multitude of options available to them to store, share and back-up data," said Brett Hansen, vice president of endpoint data security and management at Dell. "While these elements enhance productivity, the risk of lost or stolen data grows immensely."
Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com
