Lack of error culture: 40 percent of employees cover up data losses

Companies are losing data not only to ransomware attacks, but also to gross blunders by their employees. This was the finding of a study by Veritas, a provider of data security solutions for companies, for which a total of 11,500 office employees in Germany, France, the United Kingdom, the United States, Australia, China, Singapore, South Korea and the United Arab Emirates were surveyed. In Germany, for example, more than half (54 percent) have already accidentally deleted shared data such as Word or Excel documents and presentations. Twenty-three percent of respondents have done this several times a week, and one-fifth do it every day.

No error culture: blame and punishment

The mistakes also happen with business-critical information: According to the survey, 14 percent of German study participants have already deleted personal data by mistake. In 18 percent of cases, HR information was affected - such as details on employees and employment relationships - and in 16 percent of cases, customer data was lost.

"Organizations must not blame their employees for inadvertently deleting this information or accidentally allowing hackers to hijack data," urges Eric Waltert, Regional VP DACH at Veritas. "There is often only a short window of time to recover deleted or corrupted data in the cloud. Managers should therefore educate their employees and train them to report such cases to the IT team as soon as possible so they can take immediate action. It is clear from our study that penalties would be the wrong way to go here."

Employees are ashamed to admit mistakes

The study found that application errors often do not even come to light. For example, 40 percent of survey participants in Germany try to cover up the fact that they accidentally deleted shared data from cloud applications such as Office 365 or Google Docs. 37 percent said that no one had noticed their mistake. In the vast majority (63 percent), however, the errors were discovered. In 16 percent of all incidents, the data was lost forever.

When asked why they did not admit the mistakes, 35 percent of respondents said they were ashamed. 17 percent explained that they were afraid of personal consequences. Seven percent cited the fact that they had already had trouble with their IT department as a reason. These results show that many companies have a poor error culture.

In the case of ransomware incidents, there is even more concealment: only 32 percent of those surveyed in Germany would immediately admit to mistakes that enabled the introduction of ransomware in the first place. 38 percent would do nothing at all and act as if nothing had happened. And 23 percent said that they would report the incident - but without admitting that they had anything to do with it.

Data loss leads to anger and despair

When data shared in the cloud is lost, it can have a major impact on the well-being of employees: 42 percent of the Germans surveyed said they swear when they lose data. Eleven percent have even broken something out of anger, and 15 percent have burst into tears. Losing important work documents is a particularly stressful experience for employees. According to the survey, such an incident is perceived as more stressful than a job interview. Even worse for respondents is the thought of being responsible for introducing ransomware. Only the loss of a cell phone, keychain or wallet would bother them more.

"Employees are now dependent on cloud-based technologies to get their work done," Waltert said. "In Germany, 38 percent of office workers store data in cloud folders that IT has created for them. Twenty-three percent use folders that sync with the cloud, and 19 percent store information in cloud folders that they share with their teams. The more employees access the cloud, the more opportunities individuals have to shift blame from themselves to others. However, without knowing the details of who caused a ransomware attack, how and when, it's extremely difficult to mitigate the damage."

Lack of knowledge about how the cloud works

The survey also showed that many employees do not know whether and how lost data can be recovered. For example, almost all participants in Germany (94 percent) believe that this is possible - either with the help of a cloud copy, their deleted objects folder or via a backup. And eight percent think that their "deleted objects" are still available in the cloud up to a year after the data was lost.

In addition, 41 percent of respondents consider data in the cloud to be relatively well protected against ransomware because the cloud provider ensures that no malware is introduced, Waltert quotes from the study. "This is a fundamentally false assumption that puts companies at risk if not addressed. As a rule, cloud providers also make it clear in their standard services that the company itself is responsible for protecting its data. Storing data in the cloud does not automatically make it secure."

User company: Responsibility and better error culture

According to the study, each office worker accidentally caused the loss of an average of 27 documents last year. This highlights the scale of the problem when using cloud applications. "More than one in two users have accidentally deleted a file in the cloud and been unable to retrieve it. This puts employees in tremendous stressful situations, and they often try to cover up their mistakes out of shame or fear. Some may believe that it's not a problem for the cloud provider to recover the data. But the service provider is not responsible for the security of the data. The responsibility lies with the user company - whether the information is stored in the cloud or on employee devices. With the right measures and easy-to-use tools for recovering lost files, companies can take a lot of pressure off their employees. Blaming doesn't help - backing up data correctly does."

Source: Veritas