Three quarters of employees see information security as an HR issue and want companies to develop better personnel policies to help safeguard private company data, new research has revealed.
The study, by data loss prevention company Clearswift, gathered views from over 4,000 employees in the UK, USA, Germany and Australia.
Among UK respondents, 76% said there should be a disciplinary process for people who leak sensitive business information. And 70% said references for past employees or contractors should disclose whether they were involved in data breaches.
Three out of four said they would not trust their company again if their private information were leaked.
Security is as much about training and dealing with people in and around the organisation, as it is about technical solutions. In a parallel survey of 500 security experts, 68% said training was the most important way to minimise risk.
>See also: Britain is paying the price of cybercrime
This reflects the growing recognition that data breaches are largely down to people who have been granted access to the information they leak – whether deliberately or accidentally – and this must be addressed with policies as well as technology.
The research showed 71% of UK breaches come from people in the extended enterprise – 41% from employees, 9% from ex-employees, and 21% from contractors 21%.
Technology is increasingly able to spot suspicious activity, such as an email containing credit card or patent details, but acting on this information requires informed people management based decisions.
“It will become the job of HR to make judgements about whether such activity is suspicious and take appropriate action – from sending a warning to providing suitable training, to instigating full-scale investigations,” said Heath Davies, chief executive at Clearswift. “HR therefore needs to be much more closely engaged with their company’s information.
“The recent Ashley Madison breach seems to have come from someone on the inside. This shows that information security is not just an issue for the IT department, but one that needs the attention of the people tasked with hiring, incentivising and creating a culture of trust within the workforce.”