Veritas Technologies revealed new research that highlights the dangers of mis-using instant messaging (IM) and business collaboration tools: 71% of office workers globally – including 68% in the US – admitted to sharing sensitive and business-critical company data using these tools, the survey found.
The Veritas Hidden Threat of Business Collaboration Report, which polled 12,500 office workers across ten countries, shows employees are exposing companies to risk by taking data out of the control of businesses that employ them. In the US, 58% of employees are saving their own copies of business information shared over IM, while 51% delete that information entirely. Either approach could leave companies open to significant fines if regulators ask to see a paper trail.
Sensitive data being shared by employees on these channels in the US includes client information (13%), details on HR issues (10%), contracts (10%), business plans (10%), and even COVID-19 test results (12%). Less than one-third of employees suggested they hadn’t shared anything that could be compromising. The research also reveals that, while employees are using collaboration tools to close deals, process orders and agree to pay raises, many believe there will be no formal record of the discussion or agreement. In fact, only 56% in the US believe employers are saving this information.
Ajay Bhatia, GM, Digital Compliance at Veritas Technologies, said: “For millions of us, our entire way of work has been reset since the start of 2020. Companies are rushing to bolster their data protection and discovery strategies to include the platforms where their business is actually being done.”
Increased use is compounding issues
The research shows this challenge is compounded by the amount of time employees spend using messaging and collaboration apps: time spent on tools such as Zoom and Teams has increased by 13% in the US since the start of the pandemic. This means employees are spending, on average, two and a half hours every day on these applications, with 27% of US employees spending more than half the working week on these tools.
A significant amount of business is now routinely conducted on these channels and employees are taking agreements as binding. For example, as a result of receiving information over messaging and collaboration tools, almost 24% of US employees have accepted and processed an order, 25% have accepted a reference for a job candidate, and 20% have accepted a signed version of a contract.
Sensitive data is being shared on these tools even though 39% of US employees have been reprimanded by bosses. These admonishments may have been in vain, however, as 75% of all US workers say they would continue to share this type of information in the future. Bhatia said: “It is now clear that constraining employees to ‘approved’ methods of communication and collaboration tools isn’t effective. Instead, our message is simple: don’t fight it – fix it.”
IM trusted nearly as much as e-mail
When asked which methods of communication provide the most reliable proof an agreement is binding, responses didn’t appear to be based on the businesses’ ability to capture the discussion as evidence:
• In the US, e-mail is viewed as reliable affirmation of an agreement by 96%, followed by electronic signature at 95%.
• IM was trusted by 93%, text by 89%, and even social media was viewed as reliable proof by 68%.
Bhatia said: “Business data is now everywhere. Deals are being done, orders are being processed, and sensitive personnel information is being shared, all through video-conferencing and messaging platforms. It is now critical for companies to include this rapidly growing volume of data in their protection and compliance envelope. If they don’t, the implications could be huge.”
The research also uncovered some interesting patterns that emerge from country-to-country comparisons:
● 34% of workers globally would accept an order over an instant messaging app and start processing it. But regional differences exist – 49% in China would action the sale, but only 29% in the US would do the same.
● While 58% of employees in the US are saving their own copies of information shared over instant messaging apps, 75% of office workers in China and 44% of UK workers are doing so.
● Willingness to use business applications for personal purposes varied considerably. 47% of US employees have used corporate applications for personal conversations compared to 57% of employees in China and South Korea and just 32% in UK.
● Some employers are clearer in enforcing their policies than others. An average of 30% of respondents worldwide have been reprimanded by their employer for IM use, but that number increases to 39% in the US and goes down to 21% in Brazil.
Veritas recommends the following steps for businesses to regain control of data being shared over collaboration and messaging tools:
• Standardize on a set of collaboration and messaging tools meeting the needs of the business – this will limit the sprawl.
• Create a policy for information sharing – this will help control sharing of sensitive information.
• Train all employees on the policies and tools being deployed – this will help to reduce accidental policy breaches.
• Incorporate data sets from collaboration and messaging tools into the businesses’ data management strategy using eDiscovery and SaaS data backup solutions – this will empower users to maximize the tools without putting the business at risk.
Source: https://www.securitymagazine.com/articles/94783-71-of-employees-share-sensitive-and-business-critical-data-using-instant-messaging-and-business-collaboration-tools