Your employees are your greatest asset, but they may also pose the greatest data breach risk to your organization. Unfortunately, multiple studies and research point to employees as the leading cause of data breaches.
Employees may put your data at risk in a number of ways, from failing to practice good password habits to losing a device that contains proprietary data. Whether their actions are accidental, intentional or simply negligent, the results of a data breach caused by employees can be devastating.
If you believe your organization could never experience a breach as a result of employee actions or negligence, consider these facts:
- In 2014, employee negligence accounted for nearly 11 percent of the data breaches recorded by the Identity Theft Resource Center.
- Human error was the source of 30 percent of all data breaches in 2014, according to the Ponemon Institute’s 2014 Cost of a Data Breach report. Malicious attacks – some of which may have been perpetrated by current or former employees – accounted for 42 percent.
- Nearly three quarters (71 percent) of employees surveyed by Ponemon for the study “Corporate Data: A Protected Asset or a Ticking Time Bomb?” said they had too much access to confidential company data, 54 percent said their access is frequent, and less than half (47 percent) said they believed their companies acted appropriately to protect company data accessed by their employees.
- 74 percent of IT professionals say that when there’s a company data breach, insiders are to blame, according to the Ticking Time Bomb report.
With training, however, you can help your employees reduce the data breach risks that result from their actions or inaction. Training and awareness programs need to be a vital, vibrant and evolving ingredient of your overall data breach preparedness plan. Employees should be clear on their responsibilities to help ensure your organization’s cybersecurity. Clearly defined and consistently communicated policies should be in place for all aspects of your company’s data management.
Be aware of common sources of leaks, such as contaminated email, hacked passwords or lost or stolen devices, and craft policies that address each specific risk by delineating preventive steps every employee should take. Restrict access to sensitive data to only those employees who truly require it in order to do their jobs, and employ multiple layers of verification to ensure the only people accessing the data are those authorized to do so. Finally, implement and enforce protocols to ensure that cloud services and mobile devices are as secure as possible.
Proper training and the guidance of clearly defined security policies can help ensure that your employees remain your organization’s most valuable assets – and minimize the risk that they will be the source of a data breach.