Nearly three-quarters (71%) of employees have access to data they should not see, and more than half say this access is frequent or very frequent.
This is according to a survey of workers in the US, the UK, France and Germany, commissioned by software company Varonis Systems and conducted by research centre the Ponemon Institute.
The report suggests that most organisations are having difficulty balancing the need for improved security with employee productivity demands. As a result, employees with needlessly excessive data access privileges represent a growing risk for organisations due to both accidental and conscious exposure of sensitive or critical data.
Overall, 80% of the IT practitioners who participated in the survey say their organisations don’t enforce a strict least-privilege (or need-to-know) data model. And nearly half (48%) revealed that they either permit end users to use public cloud file sync services or do not require permission for their use.
Meanwhile, less than a quarter (22%) of employees overall say their organisation is able to tell them what happened to lost data, files or emails.
Yet 43% of end users say it takes weeks, months or longer to be granted access to data they request in order to do their jobs. Just 22% report that access is typically granted within minutes or hours.
Dr Larry Ponemon, chairman and founder of the Ponemon Institute, said: “Data breaches are rampant and increasing. The sheer growth of both digital information and our dependence on it can overwhelm organisations’ attempts to protect their sensitive data. This research surfaces an important factor that is often overlooked: employees commonly have too much access to data, beyond what they need to do their jobs.”
He added: “When that access is not tracked or audited, an attack that gains access to employee accounts can have devastating consequences.”