5 Ways To Prevent In-Company Data Breaches

Media Division | February 25, 2014

In-company data breaches can be the tip of the iceberg in 2014, if new reports are to be believed. Coca-Cola admitted earlier in January that a former employee, responsible for equipment disposal, removed 55 laptops containing sensitive information of 74,000 individuals over the years without being identified or noticed.

And it’s not just the private-sector businesses that should be worried about data breaches: the Privacy Rights Clearinghouse informs that government based organizations have seen a steady rise in data breaches caused by employees during the last four years to 2013. Device misplacement, BYOD unprotected data and employee judgment lapse are some other causes of insider data breaches.

Unfortunately you can’t simply plug these breaches… you need to take proactive steps to prevent your organization from being one of the casualties, some of which include:

1. Educating the staff

Educating employees is one of the keys to reduce insider data breaches. This can involve providing educational resources and products that teach employees about online and social media data protection.

A cyber safety seminar can also be conducted to teach employees about strong passwords and how to avoid malicious schemes like social engineering. You can also deploy a software solution that self-educates employees on weak passwords, keylogger attempts etc. (the prevention of the hacking incident can go beyond fulfilling the cost of the software).

2. Manage BYOD policies

The number of organizations asking employees to bring their own smartphones and tablets to work is on the rise, but only a few of them have considered device data breach protection. The loss of portable gadgets such as USBs, tablets and laptops have already resulted in huge fines for private sector companies, government organizations and social service departments.

Your IT or HR department can establish a BYOD privacy policy that guides workers on their device responsibilities: for example, specifying the type of information that can be stored on particular devices and company accounts that can be assessed from personal devices.

3. Empower employees

Sometimes even with adequate education employees can fail to protect sensitive company data, but you can ensure they go out of their comfort zone to address the issue by empowering them to take action.

A good idea is to have a written policy in place that dictates the expectations of top level management from employees: how they should prevent data breaches and take action if an issue arises. You can also get them to sign a statement that acknowledges they will take cyber security as a personal responsibility.

4. Conduct regular audits

Periodic assessment of risk can point out how a change in operations and business models alters liabilities and risk levels. The action will also help in determining whether new areas of risk have been acquired or internal audits will be enough to accomplish risk levels.

Also, if you bring in a third-party for a secondary audit, carefully read their policies to ensure they comply with your company’s best practices when it comes to data confidentiality and information security.

5. Update systems regularly

Employees are often blamed for in-company data breaches, but another root cause is the outdated software and systems. The unpatched systems are a weak spot to be exploited, so it is important to keep all hardware and software patched and updated.

You can make system updates a part of employee cyber security training as well as incorporate them in the privacy policy. And also make sure you not only limit patches and updates to operating systems, but also extend them to all software suites used by employees and management.

Preventing in-company data breaches is an important endeavor in any data protection strategy. These measures may not be a magic bullet against data breaches, but they will certainly restrict the level of unidentified access and minimize risks.

MEDIA DIVISION
Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.