Data breach – two words that strike fear in the heart of every business owner. While hackers are often the criminal culprits, most data breaches have some in-office component, whether malicious or unintended. That’s why the importance of knowing who within your organization has access to vulnerable information and what they may be doing with it cannot be overstated.
This may seem a rudimentary question, but how well do you know your employees? You may have run background checks, CORI checks and the like when they were first hired, but what has been done lately to reaffirm those good reputations? Life situations are fluid and can have a great bearing on personal financial needs – and access to classified information can become an illicit treasure trove.
We are increasingly seeing data breaches as a result of social media. Dating sites, for example, may have absolutely nothing to do with the workplace, but by putting certain information out into cyberspace, an employee could be exploited. Social media profiles typically include place of employment, professional status and much more. If a staff member is using a dating site, a hacker may make a connection as a ruse to target your company.
The risk of human error is significant, with lost, misplaced or unlocked devices containing passwords and other sensitive information high on the list. Systems that are not updated regularly, incorrect disclosure procedures and the use of default user IDs also rank high on the offender roster. Here is where educating your staff comes into play.
It’s essential to develop policies and procedures to prevent data breaches, particularly in view of the constantly changing landscape of cybersecurity. Employees should also be warned of new risks as they arise, such as phishing scams or visiting suspicious websites that might contain malware. Educate employees on the appropriate use of organizational technology. This includes when, where and how to log in to accounts, how to check their connection to ensure it is reliable and secure, and when not to use devices. If employees have sensitive company material on their mobile devices, those devices should not be set to “automatically connect” to the closest available Wi-Fi as this can open the door to potential data theft.
Clearly, the most effective way to minimize risk is to limit data availability. Grant access to at-risk information only to those in your organization who need it to perform their job, or on an as-needed basis, and then rescind access as soon as it is no longer needed. And purge data sooner rather than later… and often.
Yes, it’s true that data breaches can enter via systems, but remember, people are behind those doorways!