Is your data leaving with your staff?

Employers: Beware of data theft from within.

We now live in a data driven business world where almost everyone is online. Because of this, it’s vital for businesses to protect themselves against a cyber-attack or security breach. External threats are everywhere. Spyware, viruses and ‘hackers’ with access to the dark web, mean a business and its customer data are always at risk, especially if left unprotected by up-to-date software and IT systems.

But, have you considered the threats that come from within? Data being emailed, downloaded, utilised by staff for reasons it wasn’t intended to be used for and that you don’t know about. Criminal activity can result in large fines and legal cases. And, could cause significant damage to the reputation of your company.

What is a data breach?

A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so.[1] It is a major issue particularly when it comes to ex-employees. A recent study shows only 24% of companies follow strict procedures to ensure ex-employees no longer have access to systems and passwords.[2]

What is even more concerning is the root cause of data breach by current or former employees: (51%) is due to a malicious reason, along with system glitch (25%) and human error (24%)[3]. The same study, which surveyed 41 companies also showed when a breach happens for malicious reasons, on average it costs the company £108 per capita, whilst system glitch and human error cost £97 and £94 per capita.[4]

It’s vitally important to educate staff and any employee likely to handle sensitive information. This is basic protocol for ensuring data security. Not doing so is a shortcut that really isn’t worth taking. A recent 2017 study shows that 95% of organisations have employees who try to override security and web restrictions.[5] Educating staff on why such systems are in place will help them realise the importance.

Protecting your company against a data breach

Here are our top tips to help protect your business:

Training: Make sure your employees are aware of the importance of protecting data and how to handle it correctly. Communicate with staff about the repercussions of using data for malicious or criminal reasons.[6]

Secure sensitive information: Make sure your employees only have access to information they need to know: keep important paper files and removable storage devices in a locked drawer and important electronic documents in a password-protected folder.[7]

Control physical access: Create user accounts for each employee, so they can only have access to the information they need, and you can monitor their activity.[8]

Back up: Always keep a back-up of your files in more than one place: in a cloud, on a secure server and only on a encrypted USB drive if completely necessary.[9]

Control passwords: Ensure all computers are password protected and encrypted. Consider introducing biometric authentication; where every transaction or action is documented along with the individual associated with it.[10]

[1] http://searchsecurity.techtarget.com/definition/data-breach
[2] https://www.itgovernance.co.uk/blog/three-quarters-of-companies-risk-serious-security-breach-from-ex-employees/
[3][4] IBM 2016 cost of data breach study UK.
[6] http://www.hrdive.com/news/report-95-of-employers-have-employees-who-breach-network-security/440485/
[7][8][9][10] http://www.itproportal.com/features/protecting-the-public-sector-from-cybercrime/