Data security is an important part of running a business in the twenty-first century. With laws such as GDPR, and other data compliance laws across the world, ensuring your data is secure and not disclosed to unauthorised persons is a significant concern for many businesses.
According to a survey of business leaders across the world, data loss is a major fear. In developed economies like the UK and US, it is the number one concern.
The threat of fines and bad publicity might be two reasons why certain business leaders are looking to secure systems. Technology is helping to close the security gaps and this is making external threats less potent than they were before, but there is still one element which technology can’t solve and that is the internal threat.
Internal threats to businesses continue to concern IT leaders
One of the biggest concerns for IT leaders in business is the potential for employees to put data at risk. According to a survey completed by Opinion Matters for Egress, a data security firm; business leaders believe that employees can’t be trusted with data.
The study found that 61% of IT leaders were confident that data had been maliciously put at risk by employees in the past year. The 79% of the respondents to the survey had also stated that they believed data was accidentally put at risk by employees in the same period.
These figures were in stark contrast to the employees' point of view. Of the 2,000 that were part of the survey, 92% of them had stated that they would not have accidentally leaked data to criminals or anyone else. Interestingly, 91% of respondents had stated they had not done so intentionally.
This does seem to suggest that 9% of employees are actually willing perpetrators to data breaches. In a large company of 500 employees, that means that about 45 are leaking data to criminals or competitors.
The employee perceptive
The biggest challenge for business leaders is to get staff to realise what constitutes as data management. The survey found that employees often have a different sense of reality to what is actually the case. For instance, nearly a third of employees (29%) believe that they own data they’ve worked on.
In addition, 20% of those who have shared data on purpose, believed that they had the legal and moral right to do so.
Why do employees share data?
The survey also went into detail on why employees actually shared data. Nearly a quarter of employees did so because they were moving jobs and wanted that information with them. About 13% of employees stated they had shared data because they were upset or angry with their current employer.
The biggest reason why employees were sharing data, however, was because they felt they hadn’t the tools to do it securely. According to the survey, this was a view shared by 55% of respondents. The majority of these respondents were ones who could admit they had unintentionally shared data.
What can be done to protect company data?
The survey has highlighted three key areas which need to be addressed for businesses to secure company data. These areas are employee education on data, technology to protect data, and management to protect data from rogue employees.
Each of these areas needs to be addressed differently. The first two aspects are specifically for those that are accidentally sharing data. The report suggested that 8% knew they had already done it, but the view from IT leaders is much different.
The concerns of leaders would seem to be warranted. According to another study, 45% of employees had released data in emails. This report ignored other ways that data could have been lost. In this report, it was highlighted that half of employees were unsure how data should be sent in an email.
How can you improve employee education?
Employee education needs to be at the forefront of any action plan to help secure your data. This process should start immediately and needs to include several elements to readjust the mentality of staff. Firstly, staff must be told what acceptable data sharing is, who owns the data and the policies of the company in regard to sharing that data.
Secondly, they need to be taught how to share data in a secure environment. This might need to include processes to authorise others to see data.
Employee education needs to be a regular training fixture. People don’t have great memories. About 70% of everything we learn is forgotten in 24 hours, and 90% within seven days. So regular training on data security is vital to keep it secure.
How can you improve technology to help keep data secure?
Technology is one asset that you can invest in that can help staff to keep data secure. Cloud solutions are the perfect solution for top security because protocols can be added that restrict access to data. This doesn’t just mean restricting people looking at the data, but also editing, copying or deleting the data too.
This helps to prevent staff from accidentally or purposefully corrupting data. In addition, security protocols can be added so that data can be shared only with certain people.
Using technology, however, is only going to get you so far. There are always ways around technology and determined employees will find a way. Plus if certain people ignore your data security training, then it can make bypassing security protocols easy. That is why technology and training need to be combined in a strategy.
How can you prevent rogue employees from leaking data?
Rogue employees deliberately leaking data is a major concern. FIFA experienced a severe breach in late 2018 when employees leaked several documents to the press. Had there been proper data management in place, then the breach might not have happened.
Part of the process is to manage user rights on a continuous basis. If an employee is considered to be risky at a period, they need to have rights scaled back to the essential elements. This might annoy the employee and they might leave, but their departure is a small cost compared to the fine you can receive for a data breach.
This, of course, needs the participation of leaders. They need to recognise who might be upset with the company and to manage their frustrations in a constructive manner. Only then can you retain the employee and your data safe.
Manage the internal threat to your business
Too often, business leaders look to potential external threats. Yet some of the biggest errors are caused by the internal threat. With nearly half of employees leaking data in emails, and 9% admitting they are intentionally causing data breaches, you need to ensure that you’re closing security gaps to make it harder for these employees. Then you can be assured that you’re data compliant.