This lack of knowledge could give rise to internal data breaches, where unwitting employees fall victim to social engineering attacks or circumvent data protection policies by downloading sensitive company data onto their personal devices while working from home.
Many survey respondents also report a lack of knowledge about their companies’ own security procedures. Almost three in ten (28%) said that they know little to nothing about their organization’s policies and procedures for keeping its premises, equipment and networks secure. The same percentage (28%) also admitted knowing little or nothing about policies and procedures for allowing employees to access data.
The failure to educate employees on protecting data is surprising considering that respondents named cyberattacks as the greatest risk to the long-term success of their organizations. The reality is organizations should be doing more to safeguard data — 2019 was a record year for breaches, with more than 15 billion sensitive records exposed, according to Risk Based Security1.
Organizations are increasingly adopting AI, analytics and automation technologies in their compliance programs. These tools can help an organization operate ethically by detecting and even predicting instances of fraud, corruption and theft within the enterprise and among third parties. Tools like machine learning can also be used to protect data more effectively – for example, by reducing the number of false positives in security alerts and automatically blocking malware.
How to safeguard data with integrity
Actions to take now include:
- Promote a culture of data integrity that encompasses both the organization and its supply chain, strengthened with regular communications and training
- Refresh training to take account of new working environments and regulations and roll out to workers across all functions, positions and seniority levels
- Utilize advanced technology as part of an effective compliance program to monitor business activity and flag potential risk areas — for example, as part of a cyber breach response plan to detect and quantify data that may have been lost
- Perform a risk assessment when introducing new advanced technologies that incorporates ethical scenarios where data integrity may be compromised
This article is one in a series based on the EY Global Integrity Report 2020 (pdf). For a comprehensive approach to maintaining integrity, please see the other articles in the series, accessible below: