Almost three-quarters (71 per cent) of employees say that they have access to data they should not see, and more than half say that this access is frequent or very frequent.
The research, conducted in October 2014 with 2,276 employees by Varonis and the Ponemon Institute, suggested that most organisations are having difficulty balancing the need for improved security with employee productivity demands.
Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, said: “Data breaches are rampant and increasing. The sheer growth of both digital information and our dependence on it can overwhelm organisations’ attempts to protect their sensitive data.
“This research surfaces an important factor that is often overlooked: employees commonly have too much access to data, beyond what they need to do their jobs, and when that access is not tracked or audited, an attack that gains access to employee accounts can have devastating consequences. ”
Only 22 per cent of those surveyed believe that their organisation as a whole place a very high priority on the protection of company data, and less than half of employees believe their organisations strictly enforce security policies related to use of and access to company data. Also, four in five IT practitioners (80 per cent) say their organisations don’t enforce a strict least-privilege (or need-to-know) data model, while 48 per cent of IT practitioners say they either permit end users to use public cloud file sync services or permission is not required.
Yaki Faitelson, co-founder and CEO of Varonis, said, “Unnecessary access combined with a lack of auditing capability adds up to inevitable disaster. Now we see that lack of control and oversight is impacting employee productivity as well, as they struggle to find and get access to data and share it easily and securely with business partners.”