A survey on technology-related security risks has found almost two-thirds of public sector workers would not report a serious data-protection breach if they thought it would cause problems in their workplace.
The research, based on a poll of 2,000 UK staff and conducted for telecoms and IT firm Daisy Group, also found significant proportions of respondents had lax attitudes to password-protection and a willingness to circumvent security measures to make their work life easier.
As well as the 64% of staff confirming that they would not report data-protection beaches, 5% said they had disabled a password-protection feature on a laptop, mobile phone, or tablet, while 20% said they did not change their passwords regularly. A further 8% of respondents said they used “simple” passwords that could be easily guessed.
Graham Harris, Daisy Group’s product director for cloud services, said the survey results underscored the extent to which staff buy-in was vital for IT security measures to be effective.
“Procedures that are complicated or disrupt the working environment often result in employees finding ways to circumnavigate them or taking matters in their own hands,” he said.
“When it comes to data security, all too often organisations focus purely on IT processes and forget about the staff that will be using them.
“Human error is one of, if not the most likely source for data security issues, and fear of reprisal is a powerful force.
“Public sector organisations must be proactive and educate their staff about what data security processes and policies there are, why they exist, what the staff member’s responsibilities are and reassure them about what to do in the event of a problem.”
Another survey finding saw 16% of respondents claim they had “no idea” whether data-protection was an important consideration for their organisation.
The research was conducted to assess the demand among UK businesses and public sector organisations for cloud-based technology that would give more control over smartphones and tablet computers, allowing lost or stolen devices to be tracked and wiped to protect confidential information.
Daisy Group said beefed-up European Union data-protection laws requiring breaches to be reported to the relevant authorities within 24 hours were expected to be in place by the end of 2018.
