businessman-challenge-concept-success

A culture of blame hinders cloud adoption and compromises data security Veritas

Andy Ng, Vice President and Managing Director for Asia South and Pacific Region at Veritas Technologies, talks to EITN about challenges to cloud adoption.

EITN: Why is there a culture of shame and fear about cloud applications among Singapore employees. Please explain.

Andy Ng: A culture of shame and fear can occur when the employees do not have a supportive work environment to get past the blame game. For example, line managers under tight deadlines or bottom-line pressures may snap or pass the blame to their subordinates to avoid the heat. As a result, employees are either afraid to come forward when they do something wrong, such as accidentally deleting data from cloud applications, or they perpetuate the blame culture by pointing fingers at others in the workplace.

Our research found that 29% of Singapore respondents lied to cover up the fact that they had accidentally deleted data from cloud applications.

When asked why they had failed to own up to their errors, 26% of respondents said that they kept quiet because they were ashamed while 16% did so because they feared the repercussions. These data findings point to a larger problem – the lack of a safe space for employees to speak up, especially when it comes to critical data loss or security breaches that resulted from ransomware incidents.

For far too long, companies have been using shame as a management tool. As such, behaviours such as finger pointing and shaming employees when they make mistakes are common, giving rise to an environment that is predominantly imbued with fear. As a result, employees do not feel empowered to come forward to admit their mistakes when losing data from cloud applications. If left unchecked, this will undermine the benefits of cloud adoption where employees are using cloud-based technologies to help them get their tasks done.

Our research found that 29% of Singapore respondents lied to cover up the fact that they had accidentally deleted data from cloud applications.

It is imperative for organisations to eliminate this culture of shame and fear in their workplaces and create a more conducive environment for employees to speak up on issues or concerns that could potentially be detrimental for business operations.

EITN: Why do employees accidentally delete data? Does it point to cloud applications not being easy to use?

Andy Ng: In today’s remote working landscape, employees are inevitably the weakest link within an organisation. In the rush to respond to the challenges of the global pandemic, many companies put the priority on just making things work. While employees are provided with mobility solutions and remote access to cloud applications, not all are trained or know what to do when they accidentally delete their data.

Data loss is most often caused by human error, even though malicious cyber-attacks, faulty hardware or power failure are possible factors at play. Today, employees are often dealing with massive amounts of data in this digital world and mistakes such as accidental deletion are bound to occur.

According to Veritas’ latest study, over half (57%) of office workers in Singapore have accidentally deleted files hosted in the cloud—such as business documents, presentations and spreadsheets—and as many as 14% do so multiple times per week. This underscores the importance for organisations to invest in adequate time and resources to educate employees on the policies related to cloud applications and good data hygiene habits, to reap long-term benefits such as a decrease in data loss incidents. 

EITN: How does the misperception that data is safer in cloud from ransomware, impact employees’ behaviour? Why leads them to think data is safer in the cloud?

Andy Ng: Our research findings show that employees do not have a clear understanding of how much help their cloud providers would be in the event of data loss or ransomware attack. Nearly all Singapore employees polled (92%) thought their cloud providers would be able to restore their lost files for them, and 9% even thought that their deleted items would be available in the cloud for at least a year after the data is lost. In addition, almost half (44%) of office workers here think data in the cloud is safer from ransomware because they assume their cloud providers are protecting it from malware they might accidentally introduce. This is a misconception that will continue to put businesses at risk until it is thoroughly debunked.

Data loss is most often caused by human error, even though malicious cyber-attacks, faulty hardware or power failure are possible factors at play. Today, employees are often dealing with massive amounts of data in this digital world and mistakes such as accidental deletion are bound to occur.

Storing data in the cloud does not automatically mean it is safe because most cloud providers only provide guarantee of their services and not data protection. Ultimately, businesses are responsible for implementing their own data protection policies and systems, no matter where the data resides.

EITN: How do employees who accidentally delete data, continue to do their work without the data that they require?

Andy Ng: Interestingly, employees who accidentally deleted their data have different reactions to the data loss. According to our research findings, 49% of the Singapore respondents had tried to recreate the document from memory, while 5% had lied to cover it up. In today’s hybrid work environment where more employees are accessing the cloud drives, it can be easier to find opportunities to avoid suspicion or pass the blame to their colleagues.

Both organisations and employees should be aware that there is no guarantee that deleted data can be recovered. Some files could be deleted quicker than expected, depending on how storage has been used to free up space. Hence, it is important for organisations to have a comprehensive backup and archive solution in place to address accidental data deletion.

EITN: Please do share the main implications of the study’s findings, and what does Veritas propose to alleviate the negative impacts?

Andy Ng: The Veritas research shows that human error, embarrassment and ransomware combine to undermine the benefits of adopting cloud solutions, such as Microsoft Office 365. Employees are losing valuable data such as customer orders and financial information when using cloud applications, with few office workers understanding the risks and responsibilities required to protect the data they have in these cloud services.

The culture of fear and shame is also preventing employees from owning up and seeking help to restore their lost data, further compounding the issue.

In today’s hybrid workplace, businesses are increasingly reliant on cloud-based technologies to stay connected and competitive in the digital economy. However, a blame and shame culture will not only result in an unhealthy work environment that has a deleterious effect on employee well-being and productivity but also undermine the success of cloud adoption.

To alleviate the negative damage highlighted by the research, organisations should have a clear understanding of their cloud providers’ policies and realise that they operate on a shared responsibility model by providing the applications, but it is up to businesses to protect their application data. Organisations should also put in place clear retention policies to determine how long data should be retained for operational and compliance reasons, as well as who has access to the data and classify data storage according to tiers. To recover from any data loss while also eliminating threats such as ransomware or malicious data deletion, it pays for organisations to deploy comprehensive SaaS data protection tools to back up data across all cloud applications.

The culture of fear and shame is also preventing employees from owning up and seeking help to restore their lost data, further compounding the issue.

It is equally critical for organisations to train their employees on the on the tools and policies that are being deployed to help reduce accidental policy breaches, such as data deletion, and ensure that workers know how to access and retrieve data that is lost or compromised in a timely manner.

It goes without saying that the culture of blame, shame and fear should be eliminated, and companies should instead foster a culture where employees are encouraged and empowered to come forward in the event of data loss incidents, security breaches or ransomware incidents, to allow businesses to take prompt remedial action.

In doing so, companies would ensure better management and protection of their data, and a smoother transition to the cloud.