Typetec’s survey of 200 small and medium-sized business owners in Ireland says over half (57%) of SMEs have had data lost or stolen because of employees having privileged access to data
Typetec, one of Ireland’s leading managed IT and cyber security solutions providers, today announces the latest results of its 2022 cybersecurity survey* of SME owners in Ireland, which finds that more than half (57%) say they have had data compromised, lost or stolen due to employees with privileged access to data.
The survey of 200 small and medium-sized business owners - commissioned by Typetec and conducted by Censuswide – revealed that 82% of SME owners believe that overprivileged users are a threat to their business. Overprivileged users are those employees with more logins and access to sensitive data and files than are required to carry out the duties assigned to them.
However, almost one-third (32%) of SMEs do not have a process in place to manage employee privileges. To add to the concern, 57% of SME owners admitted that employees who have left the business have retained privileges, meaning they can still access confidential company data after their last day of work.
Currently, one-fifth (20%) of Irish SMEs don’t have full visibility of all company data stored on employee devices, including personal devices used for work purposes.
When it comes to cyber security incidents, the research shows that 70% agree that there is a ‘blame culture’ in cybersecurity which delays incident reporting.
Following on from this, over one-fifth (22%) of SME owners say that in the event of a security data breach they would not let all affected customers and employees know immediately. Similarly, 19% believe that all of their employees would not immediately report a data breach on a work device.
Trevor Coyle, Chief Technology Officer, Typetec, said: “The survey shows us that employees who retain their user logins, passwords etc. to company data after they leave puts an organisation at great risk. Businesses need to think of privileged access as a digital key to company files. You wouldn’t let an employee who is moving on from the organisation keep a key to the office, so don’t let them keep a digital key to essential company data.
“This paired with human error can lead to the loss of critical data, which can be detrimental to the reputation of a business. The solution is to use privileged identity management, while still monitoring access to data on a consistent and timely basis to avoid data theft and loss, and to train staff around such incidents in order to reduce the risk of costly mistakes.
“It’s also clear that reporting cyber security incidents can be delayed due to fear of blame among staff. It’s important that employees feel comfortable enough to report cybersecurity breaches and that an ethos of mindful data management is instilled through ongoing security awareness training. Time is of the essence when it comes to data restoration and recovery, so employees need to be encouraged to be responsible and act fast.”
Survey methodology:
The survey was commissioned by Typetec and conducted by Censuswide between 10th-18th August 2022. With employee numbers of up to 150 people, 200 business owners from across the Republic of Ireland were surveyed. Censuswide abides by and employ members of the Market Research Society which is based on the ESOMAR principles.
About Typetec:
At our core, we are one of Ireland's top Managed IT Service Providers for the past 40 years. We provide Technology Consulting and Managed IT Services that deliver Security, Productivity and Engagement solutions. We are a Gold Microsoft Partner, and we partner with best-in-breed cybersecurity vendors to provide a Modern Work & Security environment. For more information, visit www.typetec.ie
08/11/2022