Most firms have spent more on data security but still fail

Almost two thirds of companies say they have deployed new information security technology over the last year, but many are simply failing on the basics when it comes to protecting their data, according to research.

Companies are still regularly failing to secure file folders on networks despite that being the biggest vulnerability point leading to unauthorised disclosure of confidential information.

M-Files Corporation and the Association for Information and Image Management (AIIM) conducted joint research into the main threats at organisations, and found that 38 percent of companies had experienced one or more information security breaches within the past year.

And nearly one-third (31 percent) of respondents felt their organisation does an “inadequate job” of protecting confidential and sensitive information. In addition, 36 percent noted that either their organisation does not have a formally documented policy about how company information is stored, managed and shared – or that they didn’t know if such a policy existed.

Despite this many companies are taking proactive steps to address information security breach issues, with 59 percent of respondents stating their organisation had implemented new information security solutions, systems and/or protocols within the past year.

“The prevalence of information security breaches can be seen as a direct result of having an ineffective information management strategy,” said Greg Milliken, vice president of marketing at M-Files Corporation. “It’s clear that businesses need better information management solutions to deliver the document control and security features required to protect confidential information, while still making it quick and easy for users to find the information they need.”

While unsecured network file folders are where most respondents felt their company is most vulnerable to internal information security breaches, paper files (46 percent) and data exposed by personal file sharing apps (44 percent) were also noted as weak points.

When asked about proactive steps their organisation has taken to mitigate potential information security breaches, 62 percent said their company has created and communicated formal information governance policies to their employees, and 59 percent have changed security and access rights to sensitive information.

“Businesses of all sizes must take information security seriously, looking at the whole organisation – people, processes, governance and technology – in order to better address their security and access control requirements,” said Bob Larrivee, vice president and chief analyst of AIIM Market Research.

@AntonySavvas