Data breaches have increased in distressing numbers in recent times, and a major portion of these breaches have been linked to employee negligence. The Cost of Data Breach Study: United States, conducted in 2011, states that insider negligence is the number one cause of data leakage and the total cost translated into a $5.5 million loss a year ago.
Another analysis, Verizon’s 2013 Data Breach Investigations Report, reveals that attackers are using social engineering and phishing attacks, but they are not creating new accounts. In fact, their techniques convince employees to compromise company data credentials, and brute force attacks are also being used to gain access to the network. In the latter case, the hackers are preying on weak passwords set by untrained employees.
With more business data thefts being linked to careless employees, it can make you wonder whether employees should be trusted with business data, or whether the owner should take on the extra responsibility of ensuring internal compliance.
While the above-mentioned statistics do reveal a linkage between employee behavior and data breaches, the solution lies in… trusting the employees.
Trusting the cause of the breach?
Well, there are limited options, especially in the case of large corporations, because it might not be feasible for the owner to take sole responsibility for protecting business data.
And here’s the thing: employees who have been properly trained and are well-versed in business security protocols can actually reduce security breaches.
As mentioned in the Verizon case study analysis, the major vulnerability was related to the weak passwords set by employees, but if they’re given adequate training (and are taught that companyname123 isn’t going to cut it), it can significantly improve company security. This is the primary reason why employee training is often recommended to companies for data protection compliance.
Some of the additional things employers/company owners can do to enhance data security when employees are involved include:
1. Monitoring and protection
Trusting employees doesn’t mean that their activities go unmonitored or that other measures shouldn’t be taken to avoid risks. There should be a company-wide employee monitoring policy that is updated frequently depending on how well the staff complies with security protocols.
Also, data center security becomes important for businesses operating in virtualized environments. This is because new viruses and malware may be able to reach servers despite the adoption of security measures by employees, and by the time they take action with emergency patching, it might be too late. Therefore, deployment of programs that increase VM densities can be an appropriate option.
2. Guidance on public access
Preventing unauthorized access includes guiding employees to avoid opening company accounts on public networks. AnchorFree, hotspot security specialists, surveyed 2,203 US travelers about what they thought about public Wi-Fi and security. The results indicate that 4 out of 5 were worried about data theft when using public Wi-Fi.
Therefore, employees should be strictly asked not to open any company account, or even personal accounts linked to company credentials, on public networks.
3. BYOD training
The rising trend of BYOD means that employees are storing company data on mobiles and tablets. This can lead to several problems, such as old data being compromised, or the privacy of the device being breached because of a malicious application. Cloud storage, according to www.trendmicro.com, is of particular concern. If you have a BYOD policy for your company, it is important that you secure your cloud servers as well as require your employees to secure their devices.
In this case, employees should be taught to adopt the required security provisions on their devices in order to make sure that the data synced, sent and received is encrypted.
Where do your employees stand when it comes to business data security?