In-company data breaches could be just the tip of the iceberg in 2014, if new reports are to be believed. Coca-Cola admitted earlier in January that a former employee, responsible for equipment disposal, removed 55 laptops containing sensitive information on 74,000 individuals over the years without being identified or noticed.
And it’s not just private-sector businesses that should be worried about data breaches: the Privacy Rights Clearinghouse reports that government-based organizations have seen a steady rise in data breaches caused by employees during the last four years to 2013. Device misplacement, unprotected data on BYOD devices and lapses in employee judgment are some other causes of insider data breaches.
Unfortunately, you can’t simply plug these breaches; you need to take proactive steps to prevent your organization from being one of the casualties, some of which include:
1. Educating the staff
Educating employees is one of the keys to reducing insider data breaches. This can involve providing educational resources and products that teach employees about online and social media data protection.
A cyber safety seminar can also be conducted to teach employees about strong passwords and how to avoid malicious schemes like social engineering. You can also deploy a software solution that teaches employees about weak passwords, keylogger attempts and the like (the savings from preventing a hacking incident can exceed the cost of the software).
2. Manage BYOD policies
The number of organizations asking employees to bring their own smartphones and tablets to work is on the rise, but only a few of them have considered device data breach protection. The loss of portable gadgets such as USB drives, tablets and laptops has already resulted in huge fines for private sector companies, government organizations and social service departments.
3. Empower employees
Sometimes, even with adequate education, employees can fail to protect sensitive company data, but you can ensure they go out of their comfort zone to address the issue by empowering them to take action.
A good idea is to have a written policy in place that sets out what top-level management expects of employees: how they should prevent data breaches and what action they should take if an issue arises. You can also get them to sign a statement acknowledging that they will take cyber security as a personal responsibility.
4. Conduct regular audits
Periodic risk assessment can show how a change in operations and business models alters liabilities and risk levels. It will also help in determining whether new areas of risk have been acquired and whether internal audits will be enough to meet target risk levels.
Also, if you bring in a third party for a secondary audit, carefully read their policies to ensure they comply with your company’s best practices when it comes to data confidentiality and information security.
5. Update systems regularly
Employees are often blamed for in-company data breaches, but another root cause is outdated software and systems. Unpatched systems are a weak spot waiting to be exploited, so it is important to keep all hardware and software patched and updated.
Preventing in-company data breaches is an important endeavor in any data protection strategy. These measures may not be a magic bullet against data breaches, but they will certainly restrict the level of unidentified access and minimize risks.