Do your employees choose data protection or productivity?

Imagine this situation.

It's the day before an important presentation at a large corporation's annual global earnings conference. In the airport, the national sales manager receives last minute feedback and begins to edit the document on a laptop when a stranger takes the next seat. The presentation, which contains proprietary information on important company financials, is now in plain sight of wandering eyes. The national sales manager is faced with a critical decision: continue working to finish the changes or stop altogether to safeguard the company data.

While every CSO would hope the employee would choose to protect the confidential information, the reality is that many would not. So how does a CSO identify the weak links in the organization and prevent cybercriminals from gaining enterprise data through spear phishing and other low-tech methods like snooping?

[The 7 elements of a successful security awareness program]

Ponemon Institute recently explored this topic in the Visual Privacy Productivity Study. Employees at five companies were asked to participate in a survey. After being set up at a computer, the employees were told the survey was going to be delayed for 30 minutes and they had the choice to get some work done or take a break. Half of the employees' computers were also installed with a 3M privacy filter to measure whether visual privacy protection helped to increase productivity. The study did in fact find that employees whose visual security was protected with a privacy filter were twice as productive than those without a privacy filter. However, of those employees not equipped with a privacy filter, it also revealed the potential weak links in an organization that choose productivity over privacy.

Millennials choose productivity

The Visual Privacy Productivity Study found a stark difference in privacy orientation between generations, with older employees stating that privacy is either important or very important at a higher rate than their younger colleagues (65 percent of employees over 55 compared to 52 percent for millennials 26-35). These beliefs translated into outputs: older employees that didn't feel the data on their device screen was adequately protected worked less than younger employees experiencing the same level of privacy. In general --with or without privacy -- younger employees spent more time on the clock and were more productive.

Younger generations, millennials specifically, are more likely to be privacy complacent, choosing productivity over data security. This is a group that grew up with technology in hand -- they aren't afraid of it and even rely on technology to get through the day. Tangible data -- a manila folder containing papers with numbers and figures -- is a foreign concept, making it easier for millennials to access a file remotely without thinking twice about taking the necessary steps to secure it. Younger employees also feel pressure to produce more and prove themselves in an economy where the job market remains tight, leading them to cut corners in terms of data security in favor of productivity.

Senior- level employees choose productivity

In general, the Visual Privacy Productivity Study found that individuals at or above the supervisory level within their organizations are more productive than rank and file employees. The senior staffers with a privacy filter worked an average of 5.2 minutes while those at a lower level without a filter worked an average of 1.8 minutes. However, the concerning finding is that the senior staffers also worked longer when their data is not protected.

[Related: Does your generation pose an office security threat?]

Supervisors likely have higher demands to be productive, but they also likely have access to more sensitive data making them a risk area for a data leak.

Women choose privacy

Female employees work longer and harder than their male counterparts and tend to be more conscientious about data protection. In total, 56 percent of study respondents stated that privacy was either important or very important. Yet, when broken down by gender, women valued privacy at a rate of 61 percent compared to 50 percent of men. Gender also made a difference in time on or off the clock -- when given the chance to work or walk away, women chose to work 62 percent of the time verses men's 48 percent.

Addressing the Weak Links

With varying sensitivities to data security across gender, age and seniority, there are steps CSOs can take to bolster productivity in all employees while safeguarding confidential information.

Firstly, companies need to look at their workforce and identify those employees that pose a high risk of productivity loss and/or exposing sensitive information when working in public. Men and employees under 35 are groups to target in addition to extensive business travelers and those in sales or customer service. It is critical to equip these individuals with the appropriate tools -- such as a privacy filter -- to maximize productivity and prevent data loss. Industries that should pay particular attention to these issues are financial services, IT, government and healthcare.

On top of this, security leadership must develop clearly-defined policies on working off of mobile devices in public and educate their employees on these procedures. Forty-seven percent of those surveyed were unsure or did not think their company placed an importance on protecting sensitive information displayed on a screen in public places and 58 percent were unsure or did not think other employees were careful about protecting data on a computer or mobile device screens outside the office.

Accessing confidential data while working on the go is only going to increase with further developments in cloud computing, BYOD and a blurred line between work and personal time. Now is the time to put the measures in place that will protect both the workforce and company data against serious threats.

Larry Ponemon is chairman and founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy and data protection practices.

Join the CSO newsletter!

Error: Please check your email address.

Tags security

More about 3M AustraliaCSO

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Larry Ponemon

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts