While many people believe that data breaches result from attacks by cybercriminals accessing networks and data from the outside, the greatest risk actually comes from the inside. It’s true: One study found that more than a third of data breaches are caused by unintentional misuse of data, which includes everything from sending sensitive data to the wrong person to clicking a link in a phishing email.
These accidents underscore the need to use data encryption, two-factor authentication and other means of securing the perimeter of the network, so that when they do happen, they do not cost your company millions of dollars as well as its reputation. Without these safeguards, certain common behaviors could spell disaster.
Sharing Files Over Unsecure Connections
Employees often store work files in cloud storage services or send files to personal email accounts to work on outside of the office. The problem? Most consumer-level services do not follow the same security protocols as corporate systems, so employees are putting sensitive data at risk. Establish a policy prohibiting sending or storing data outside of the corporate network, and create a secure system that can be accessed remotely to maintain productivity.
Responding to Phishing Emails
Spearphishing, in which criminals target a particular individual or group in order to gain access to specific data, is prevalent in organizations. Criminals may target lower-level employees using emails that appear to be work related, in order to gain access to other areas of the network. Educate employees on how to recognize phishing messages, on both computers and mobile devices, and to investigate before opening or responding to suspicious messages.
Unauthorized Applications or Software
It’s common for employees to find an application or program that helps them do their job or stay organized and simply install it on their work devices without considering the potential security concerns. Configure employee devices to prevent the installation of unapproved software, and make regular software audits a standard practice to ensure that unapproved or rogue programs aren’t creating vulnerabilities.
Poor Password Management
Passwords are often the weakest link when it comes to protecting your network. In fact, some security experts note that passwords are no longer enough to protect your data, and two-factor authentication is now the standard for network security. Not only are passwords vulnerable should the network fall victim to hackers, but employees are not always careful when it comes to keeping their passwords safe. The challenge of remembering several complex passwords might lead them to write them down and leave them in plain sight. They may store the passwords on an unsecured device, such as a laptop used in a public area. They might use the same passwords for work as they do for personal accounts. All of these behaviors put your network at risk, meaning you need strong password policies as well as a multifactor authentication program in place.
Human Error
People make mistakes. They might send an email containing confidential customer information to the wrong person. They may leave a database open when they leave their desk for a break or forget their tablet on an airplane. These things happen, but it’s up to the security team to have procedures in place that will prevent a data leak, or at least mitigate the potential damage. This includes everything mentioned previously, but also tactics such as limiting employee access to only those areas of the network they absolutely need. That way, if someone does make a mistake, you lessen the likelihood of a catastrophic breach.
Employees usually do not want to cause a costly data breach, but fail to realize that their behavior is often the primary cause of breaches. By protecting your network against the human element, you have a better chance of avoiding the repercussions of a significant leak.