Monday, May 23, 2022

Canadian firms not using encryption enough to protect data: Sophos

Fewer than half of Canadian businesses surveyed say they use encryption extensively to protect corporate data, according to a new survey released Tuesday from security vendor Sophos.

That puts us on behind the U.S. (54 per cent) but par with most of the six countries studied, says Marty Ward, the company’s vice-president of product marketing. On the other hand, he added, it also means half of the companies here don’t use encryption much, which he said is a “big hole.”

More seriously, 42 per cent of Canadians surveyed — and 43 per cent of all countries studied –said their firms don’t always encrypt employee records.

That last point was part of an “eye-opening” statistic across all countries, Ward said:  “Employee data is not being protected as well as well as it should be, and not as well as customer data. It almost seems like people are making a trade-off and saying, ‘Customer data is more important so I’ll make sure that;s protected, but employee data, not so much.”

He also noted that only 41 per cent of Canadian respondents said their firm encrypts data sent to the cloud.

Two hundred IT decision makers in Canada were among the 1,700 surveyed in six countries surveyed last fall, including the U.S., India, Australia, Japan, Malaysia.

Firms that say their use of encryption is "extensive." Sophos graphic
Firms that say their use of encryption is “extensive.” Sophos graphic

In some areas Canadian respondents fared well. For example, 85 per cent of respondents here said their organization encrypts payment data, much better than the average. And 45 per cent of Canadian respondents said their firm uses both file and disc encryption, higher than any other country studied. Encrypting files protects data wherever it goes, Ward said.

Fewer than half of Canadian businesses surveyed say they use encryption extensively to protect corporate data, according to a new survey released Tuesday from security vendor Sophos.

That puts us on behind the U.S. (54 per cent) but par with most of the six countries studied, says Marty Ward, the company’s vice-president of product marketing. On the other hand, he added, it also means half of the companies here don’t use encryption much, which he said is a “big hole.”

More seriously, 42 per cent of Canadians surveyed — and 43 per cent of all countries studied –said their firms don’t always encrypt employee records.

That last point was part of an “eye-opening” statistic across all countries, Ward said:  “Employee data is not being protected as well as well as it should be, and not as well as customer data. It almost seems like people are making a trade-off and saying, ‘Customer data is more important so I’ll make sure that;s protected, but employee data, not so much.”

He also noted that only 41 per cent of Canadian respondents said their firm encrypts data sent to the cloud.

Two hundred IT decision makers in Canada were among the 1,700 surveyed in six countries surveyed, including the U.S., India, Australia, Japan, Malasia.

In some areas Canadian respondents fared well. For example, 85 per cent of respondents here said their organization encrypts payment data, much better than the average. And 45 per cent of Canadian respondents said their firm uses both file and disc encryption, higher than any other country studied. Encrypting files protects data wherever it goes, Ward said.

Types of encryption used by firms. Sophos graphic
Types of encryption used by firms. Sophos graphic

However, data on mobile devices and data in the cloud was much less likely to be encrypted than data on desktop computers. That’s a significant concern given the widespread use of smart phones and tablets by businesses, says the report.

On the other hand 89 per cent of Canadian respondents said their organizations will expand their use of encryption over the next two years.

Ward acknowledged that Sophos sell encryption solutions, so it has an interest in pushing the technology. But it doesn’t necessarily mean revenue to the company, he added. Instead Sophos is pushing simplicity: Rather than spending time and money classifying data to decide what should be encrypted, he said, CISOs should assume all business data is important and should be encrypted.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.