Do your employees choose data protection or productivity?

Do you know which employees could be the weak links in your organization? Dr. Larry Ponemon details the surprising results of a recent study that asked participants to choose between protecting confidential information, or getting work done

Imagine this situation.

It's the day before an important presentation at a large corporation's annual global earnings conference. In the airport, the national sales manager receives last minute feedback and begins to edit the document on a laptop when a stranger takes the next seat. The presentation, which contains proprietary information on important company financials, is now in plain sight of wandering eyes. The national sales manager is faced with a critical decision: continue working to finish the changes or stop altogether to safeguard the company data.

While every CSO would hope the employee would choose to protect the confidential information, the reality is that many would not. So how does a CSO identify the weak links in the organization and prevent cybercriminals from gaining enterprise data through spear phishing and other low-tech methods like snooping?

[The 7 elements of a successful security awareness program]

Ponemon Institute recently explored this topic in the Visual Privacy Productivity Study. Employees at five companies were asked to participate in a survey. After being set up at a computer, the employees were told the survey was going to be delayed for 30 minutes and they had the choice to get some work done or take a break. Half of the employees' computers were also installed with a 3M privacy filter to measure whether visual privacy protection helped to increase productivity. The study did in fact find that employees whose visual security was protected with a privacy filter were twice as productive than those without a privacy filter. However, of those employees not equipped with a privacy filter, it also revealed the potential weak links in an organization that choose productivity over privacy.

Millennials choose productivity

The Visual Privacy Productivity Study found a stark difference in privacy orientation between generations, with older employees stating that privacy is either important or very important at a higher rate than their younger colleagues (65 percent of employees over 55 compared to 52 percent for millennials 26-35). These beliefs translated into outputs: older employees that didn't feel the data on their device screen was adequately protected worked less than younger employees experiencing the same level of privacy. In general —with or without privacy — younger employees spent more time on the clock and were more productive.

Younger generations, millennials specifically, are more likely to be privacy complacent, choosing productivity over data security. This is a group that grew up with technology in hand — they aren't afraid of it and even rely on technology to get through the day. Tangible data — a manila folder containing papers with numbers and figures — is a foreign concept, making it easier for millennials to access a file remotely without thinking twice about taking the necessary steps to secure it. Younger employees also feel pressure to produce more and prove themselves in an economy where the job market remains tight, leading them to cut corners in terms of data security in favor of productivity.

Senior- level employees choose productivity

In general, the Visual Privacy Productivity Study found that individuals at or above the supervisory level within their organizations are more productive than rank and file employees. The senior staffers with a privacy filter worked an average of 5.2 minutes while those at a lower level without a filter worked an average of 1.8 minutes. However, the concerning finding is that the senior staffers also worked longer when their data is not protected.

[Related: Does your generation pose an office security threat?]

Supervisors likely have higher demands to be productive, but they also likely have access to more sensitive data making them a risk area for a data leak.

Women choose privacy

Female employees work longer and harder than their male counterparts and tend to be more conscientious about data protection. In total, 56 percent of study respondents stated that privacy was either important or very important. Yet, when broken down by gender, women valued privacy at a rate of 61 percent compared to 50 percent of men. Gender also made a difference in time on or off the clock — when given the chance to work or walk away, women chose to work 62 percent of the time verses men's 48 percent.

Addressing the Weak Links

With varying sensitivities to data security across gender, age and seniority, there are steps CSOs can take to bolster productivity in all employees while safeguarding confidential information.

Firstly, companies need to look at their workforce and identify those employees that pose a high risk of productivity loss and/or exposing sensitive information when working in public. Men and employees under 35 are groups to target in addition to extensive business travelers and those in sales or customer service. It is critical to equip these individuals with the appropriate tools — such as a privacy filter — to maximize productivity and prevent data loss. Industries that should pay particular attention to these issues are financial services, IT, government and healthcare.

On top of this, security leadership must develop clearly-defined policies on working off of mobile devices in public and educate their employees on these procedures. Forty-seven percent of those surveyed were unsure or did not think their company placed an importance on protecting sensitive information displayed on a screen in public places and 58 percent were unsure or did not think other employees were careful about protecting data on a computer or mobile device screens outside the office.

Accessing confidential data while working on the go is only going to increase with further developments in cloud computing, BYOD and a blurred line between work and personal time. Now is the time to put the measures in place that will protect both the workforce and company data against serious threats.

Larry Ponemon is chairman and founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy and data protection practices.

Copyright © 2013 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline