A new survey shows that nearly 30 percent of employees use personal cloud services to store work-related documents. Five percent of respondents also admitted to uploading confidential data to their respective personal cloud accounts, according to Varonis, which released the results of the survey.
The survey, conducted by Microsoft TechEd events in June, consisted of more than 120 companies and was aimed at uncovering how much confidential information is being leaked beyond the corporate atmosphere. The survey found that one of the leading causes for data leakage comes from employees uploading sensitive work-related data to personal cloud accounts. A small percentage of employees were also found to upload a large number of files containing confidential work-related data.
An additional goal of the survey was to find out what measures companies were taking to deter employees from sneaking away with sensitive data when they leave the company.
"Before a company can begin to address the leakage of intellectual property, it's important to accurately identify the source of the leaks and address the low-hanging fruit," said David Gibson, vice president of marketing at Varonis. "We were surprised by the low awareness level of NDAs among employees. While singing of NDAs is typically part of an employee's onboarding process, it is often forgotten. It's clear that employers can do more to improve employee knowledge of their confidentiality obligations."
Having a non-disclosure agreement (NDA) in place can help reduce the number of employees who upload sensitive data to their cloud accounts without company approval.
The survey found that 44 percent of employees have not signed an NDA;an indicator that companies have room for improvement in communicating value and importance of their IP to their employees.
Aside from an NDA, employers can ask their employees to return or delete any sensitive data to the organization in an exit interview. The survey found that only 46 percent of respondents were asked to do so when leaving their last position.
Organizations can further protect themselves from future leakage by blocking public cloud services and providing a sanctioned alternative to public cloud-based lockers that offer the same user experience while keeping data under the organization's control, Varonis said.