IT managers are typically well aware of the importance of data encryption, especially when trying to secure laptops and PCs. But, according to a new survey of Canadian IT and business leaders, business managers might actually be taking this point too far.
The study — conducted by data security research firm Ponemon Institute LLC and sponsored by laptop theft protection vendor Absolute Software Corp. — found that 62 per cent of responding Canadian business managers said encryption makes other data security measures unnecessary and irrelevant. This compares to 44 per cent of surveyed Canadian IT leaders who answered the same way.
“It shows that there’s still a reliance on myth,” said Mike Spinney, senior privacy analyst with the Ponemon Institute. “Unfortunately, one of those myths is that technology is the magic wand that protects us from everything going on.”
The study, which surveyed 367 IT practitioners and 325 non-IT business managers from Canadian enterprises, also found that 52 per cent of responding Canadian business managers actually disengaged their PC’s encryption tools.
The study concluded that while business executives appear to overvalue encryption and its role to stop data breaches, many of them are actually hindering its effectiveness by improperly circumventing the technology, creating weak passwords, or using insecure wireless connections.
“(Business managers) have shown themselves to be hypocritical,” said Spinney. “They’re turning off the very thing they believe is going to be protecting them.”
For David Senf, director of the infrastructure solutions group at IDC Canada Ltd., the results highlight the extremely low understanding many business managers have about security threats and vulnerabilities.
“The fact that encryption shows up as something business managers feel is the ‘be-all-and-end-all’ to preventing data loss is absurd,” he said. “But it’s a reality that our data continues to show as well.”
Senf said that while encryption is an important and necessary tool to enterprise security, it’s absolutely not a complete defence strategy.
“You could call up one of these business managers, pretend you’re their IT department, get the password, and lo and behold, you now have access to their encrypted data,” he said. “Moreover, you could send an attachment to them that contains a keystroke logger and get the password that way. You would also get other information before it gets encrypted on the drive.”
Of course, IT managers who want to drive their point home about the dangers of relying solely on encryption should avoid both of these methods if they want to stay out of trouble with the law and keep their jobs.
Instead, Senf said, IT leaders should focus on trying to educate business managers, with simple and easy-to-understand examples of the dangers of relying solely on encryption. This means that IT managers must also become marketers, trying to influence their business colleagues on security tactics, without going overboard and desensitizing them.
He added that it’s especially important to educate employees as they come into the organization, because it’s often difficult to change an employee’s habits once they are settled in.
Spinney pointed to effective awareness programs about workplace safety and sexual harassment as examples that could also be translated to IT security. Employees need to be aware of the consequences to themselves and their company if they turn off their encryption measures, he added.