According to research by data protection company Varonis Systems, the European privacy legislation GDPR has changed little about data management practices in the first year. For example, the average large company leaves about 17 percent of its sensitive files open to every employee.
Varonis concluded this in its annual audit, writes Silicon Angle. More than half of the companies audited had over a thousand sensitive files open. The same number left over 100,000 folders with virtually no access rules.
The Varonis report is based on audits at 785 companies. In doing so, it uses automated processes to scan permissions of files and folders, as well as to identify keywords that may classify a document as sensitive. The analysis covered a total of 54 billion stocks.
It’s getting worse.
Not only did Varonis conclude that access controls are weak in most organizations, but also that 40 percent of companies have over a thousand active accounts in their access directories of people who no longer work there. Moreover, 53 percent of the data of an average company is outdated and should no longer be stored. Abandoned or “ghost” accounts are considered a major vulnerability. Obsolete data can also be a problem according to the GDPR.
Moreover, the situation is getting worse and worse, according to a comparison with the latest report of a similar study carried out by Varonis last year. 22 percent of the folders the company looked at were open to everyone, compared to 21 percent last year. The number of folders for an average company with sensitive but easily accessible data rose to 53 percent, from 41 percent in 2018.
Monitoring and regulating data is virtually impossible in most organizations, says Brian Vecci, field chief technology officer at Varonis. Personal data that initially comes from a web form, can later be copied into a spreadsheet that is mailed to multiple people. This creates double records that are impossible to control.This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.