PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

The Worst Threat to Business Data Security: Employees

While information security professionals might believe employees are the best line of defense, a new Data Exposure Report found that employees are the most glaring infosec liability.

Eric Griffith
 & Eric Griffith Senior Editor, Features

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Of the 40 million people who changed jobs last year alone, 60 percent of them took data with them, according to data backup and loss prevention company Code42. Data they probably didn't own. So it might seem a little self-serving of Code42's annual Data Exposure Report (DER) to say insider threats are the biggest problem a company faces.

The Why Axis BugBut the report, while commissioned by Code42, was run by independent UK-based Sapio Research, which surveyed 1,028 information security leaders and 615 business decision-makers at companies in the US, UK, Germany, Austria, and Switzerland. Some of the responses were surprising, starting with the graphic above. If 65 percent of CEOs and 78 percent of CSOs are clicking links they shouldn't have, what do you think is happening in the cubicles?

Code42 DER 2019 - Apps Uses for Sharing

The report goes on to mention how company-sanctioned file-sharing and collaboration platforms like Microsoft OneDrive (used by 43 percent of respondents), Google Drive (41 percent), Dropbox (33 percent), Slack (13 percent), iCloud (38 percent), and even WhatsApp (37 percent) are not only popular, but huge holes in data security. Since the apps allow users to move data outside the company, "information security teams lose visibility to data and thus the ability to protect it."

Perhaps the biggest wake-up call is that depending on who you ask, those surveyed said employee actions were responsible for either 50 or 53 percent of any data breach they'd experienced.

Code42 DER 2019 - What Causes a Data Breach?

Infosec respondents said that external bad guys like cybercriminals account for only about 28 percent of breaches. Business decision-makers in the company were more likely to put hardware failures to blame at 25 percent, but that's still well behind employees and third-parties in the data vulnerability rankings.

Recommended by Our Editors

Slack
Slack - Review

Code42 and Sapio also surveyed respondents about whether they'd brought data over to the job from a previous employer. The answer to that was a resounding Yes from an average of 63 percent of them, while 38 percent were also convinced their colleagues had done the same.

Code42 DER 2019 - My Work and My Ideas

Why do they do it? Because even the leaders who were asked about it, about 71 percent of them, said they took data because it represents more than corporate data: "it's my work—and my ideas." Only 1 percent of respondents strongly disagreed with that sentiment.

Other highlights: 89 percent of CSOs said they are "desensitized" to cybersecurity threats because it's all overblown by the media; same for 30 percent of the info security leaders. (Yeah, it's our fault).

About Our Expert

Eric Griffith

Eric Griffith

Senior Editor, Features

My Experience

I've been writing about computers, the internet, and technology professionally since 1992, more than half of that time with PCMag. I arrived at the end of the print era of PC Magazine as a senior writer. I served for a time as managing editor of business coverage before settling back into the features team for the last decade and a half. I write features on all tech topics, plus I handle several special projects, including the Readers' Choice and Business Choice surveys and yearly coverage of the Best ISPs and Best Gaming ISPs, Best Products of the Year, and Best Brands (plus the Best Brands for Tech Support, Longevity, and Reliability).

I started in tech publishing right out of college, writing and editing stories about hardware and development tools. I migrated to software and hardware coverage for families, and I spent several years exclusively writing about the then-burgeoning technology called Wi-Fi. I was on the founding staff of several magazines, including Windows Sources, FamilyPC, and Access Internet Magazine. All of which are now defunct, and it's not my fault. I have freelanced for publications as diverse as Sony Style, Playboy.com, and Flux. I got my degree at Ithaca College in, of all things, television/radio. But I minored in writing so I'd have a future.

In my long-lost free time, I wrote some novels, a couple of which are not just on my hard drive: BETA TEST ("an unusually lighthearted apocalyptic tale," according to Publishers' Weekly) and a YA book called KALI: THE GHOSTING OF SEPULCHER BAY. Go get them on Kindle.

I work from my home in Ithaca, NY, and did it long before pandemics made it cool.

The Technology I Use

My first computer was a Laser 128, an Apple II-compatible clone with an integrated keyboard, matched with an eye-straining monochrome green monitor. I used it to type papers in college for other people for money...until I discovered the Mac SE in the college computer room. That changed my life. My first cellphone was a Samsung Uproar—the silver one with the built-in MP3 player from the Napster days (the pre-iPod era).

I use an iPhone 15 Pro hourly and an iPad Air infrequently (but I'm always in the market for a cheap Android tablet). I have a PlayStation 5 just to play Spider-Man, and several Windows machines, including a work-issued Lenovo ThinkPad. I talk to Alexa and Siri all day long. I do the majority of my computing on a 15-inch LG Gram laptop attached to a Thunderbolt hub to run a multi-monitor setup—I overdid it on the power needed to simply work from home.

I'm most at home in Microsoft Word after decades of writing there. More and more, I turn to services like Google Docs, using tools like Grammarly. I use Google's Chrome browser due to an addiction to several extensions I think I can't live without, but probably could. I use Excel extensively on data-intensive stories, but for chart creation, we've switched over entirely to using Infogram for interactive features that are hard to find elsewhere. I do a lot of graphics work for my stories, but limit myself to the free and amazing Paint.NET software to edit images.

I'm a firm evangelist for using the cloud for backup and syncing of files; I'm primarily using Dropbox, which has never failed me, but I also have redundant setups on Microsoft OneDrive, plus extra picture backups on Amazon Photos and iCloud. Why take chances? For entertainment, mine is a streaming-only household—my kid has never seen network TV and barely been exposed to commercials, thanks to Roku and Amazon Music. The house is peppered with smart speakers from Amazon for instant gratification and control of smart home devices like multiple Wyze cameras and Nest Protect smoke detectors. I've got accounts on all the major social networks, to my horror. I have a robot vacuum for each floor of the house. I want a 3D printer, but not sure what I'd use it for.

Read the latest from Eric Griffith

Read full bio