Representative DEKRA Survey on Cyber Security and Data Protection

Data Theft in the Office Made Easy

Oct 05, 2018

Only one in two employees works under systematically implemented workplace rules to protect against cyber attacks. These are the findings of a representative forsa survey on behalf of DEKRA. 1,005 employees who work with computers professionally in German companies were surveyed.

  • Many employees who work on computers do not receive training
  • IT security rules in use in only half of the cases
  • One in two employers is not fit for the General Data Protection Regulation
Formally, there is a strong need for cyber security: A large majority of employees say that the security of the IT infrastructure has a very high (65%) or high (26%) significance for the employer. 85% of those surveyed feel that their occupational computer is adequately protected against cybercrime.
The situation is different when it comes to handling security rules:
  • Only half (52%) say that there are rules on how to handle corporate IT that the employer strictly adheres to.
  • One-third of workplaces (34%) have IT rules, but adherence to them is not strictly observed.
  • 12% of employees say that there are no IT security rules at all.
Only one in three (32%) receives IT security training at work on a regular basis, and 18% receive or received training once. Almost half (48%) did not receive any IT security training at all.
The subject of data protection also reveals shortcomings: 94% of employees state that the protection of personal data is very important for their own employer. One in three employees (31%) state that although there are rules on data protection, compliance with them is not particularly well respected. Training also has some catching up to do: only about a third (34%) are trained on data protection issues on a regular basis, 30% were trained once and 34% were not trained at all.
When it comes to the new EU data protection regulation (GDPR), which entered into force in May 2018, many employees have gaps in their knowledge. By their own admission, only a minority (48%) of the employees surveyed are well or very well informed on the specific content. 52% are not informed very well or not at all on the contents of the GDPR. This applies to an above-average extent to those surveyed who have not been trained by their employer on data protection.
There is also a sensitive security gap: According to the survey, one in three employees (35%) are allowed to use private devices or storage media such as smartphones or USB sticks in the company's IT infrastructure. According to the opinion of DEKRA IT experts, this practice can be a gateway for malware or cause data protection violations.
“People are the biggest IT security risk; companies should thus always create an awareness of digital security with regular training and continue improving the IT and data protection expertise in the organization,” comments Ingo Legler, IT security expert at DEKRA, on the results of the survey. “It is also crucial that the company is prepared to establish an overall IT security and data protection culture as part of digitalization and systematically enforce it.”
At the it-sa trade fair in Nuremberg (October 9–11, 2018), DEKRA will present its portfolio of holistic IT security and data protection solutions, including audits and certification, consultancy services, product testing and training: hall 10.1, stand 10.1-404.