Today’s businesses are built on an infrastructure of sensitive data that is provided to them from their customers, from credit card details to addresses and dates of birth.
Data breaches and leaks are becoming more of a risk every day, but there are still many misunderstandings as to how they can happen. Oftentimes, the media reports of hackers that break into private accounts and steal personal data, however a lot of the time data leaks can be traced back to company insiders, usually as a result of a unhappy accident or structural flaw. It can be anything from human error to a ‘bending’ of the rules in your company’s computer network.
In order to prevent such issues from happening, it is important to first understand the difference between a data leak and a data breach.
A data breach usually comes about when a vulnerability is exposed by an attacker; this type of attack is carried out when the right security solution perhaps isn’t in place.
A data leak on the other hand represents the moment when Data can find itself in the wrong hands; for example a disgruntled employee who wishes to act maliciously towards the company. There are no obvious security holes with a data leak, instead is could a simple irresponsible action.
So what are the major weak spots to look out for when it comes to data leaks?
One: Human Error:
You may have invested a lot of time and money into security solutions that will prevent any data mishaps; however you will never be able to entirely account for human error. According to PWC’s 2015 Information Security Breaches Survey, 50% of the worst breaches of last year were caused by inadvertent human error.
Commenting on the results of another 2014 survey, ESET’s senior research fellow David Harley agreed that insider threats shouldn’t always be assumed as malicious. Mr. Harley said: “A very high proportion of security breaches are caused directly or indirectly by people inside an organization, whether it’s a matter of human error, susceptibility to social engineering, bad security management decisions, and so on. I’m not convinced that deliberate malicious action from insiders outweighs all those other factors.”
According to PWC’s 2015 survey, 33% of large organisations say the responsibility for who ensures Data is protected within a company is not made clear, while 72% of organizations where security policy was poorly understood had suffered staff-related breaches.
In order to prevent this, it is important to make sure that all staff become ‘cyber-aware’, perhaps undergoing training sessions to help educate staff. In addition, it is important to ensure that the keeping networks secure and protecting Data is a responsibility made important to every member of staff, rather than having just a select few specialists whom all responsibility falls upon.
Unfortunately, Data is not just stolen by outsiders hacking into your network, oftentimes, thefts can happen very close to home, by members of working within all different departments in your company.
OFCOM, the UK’s communications regulator learned this lesson earlier this year, when they discovered that a former employee had been surreptitiously gathering its third party Data over a period of six years. OFCOM only became aware of this Data theft after the former employee tried to pass it on to a new employee, who then alerted the company to the crime.
It is highly important to make sure that you only grant access to your companies’ sensitive data to those who really need it, and that those staff members are educated and ‘cyber-aware’. Storing all of your companies Data on one huge communal server can often result in unfortunate cases such as this one at OFCOM.
In contrast to this however, even when a employee has no intention of action maliciously towards your company or organisation, seemingly minor actions can completely undermine the rules and regulations you have put into place regarding Data security, leading to security breaches and Data leaks that can be very harmful to your company. For example, when an employee goes home after a day at work, and tells or even shows their members of family or friend about something that happened, giving away customer details / sensitive information in the process.
According to a 2014 report by Cisco, approximately one fourth of surveyed employees admitted sharing sensitive information with friends, family, or even strangers, and almost half of the employees surveyed shared work devices with people outside of their companies without supervision.
Although these behaviours may be completely innocent, it is effectively releasing Data out of a company’s control. Security settings and procedure can be introduced to limit this kind of activity, but even these kinds of measures can usually be bypassed.
These are the three main Data leak weak spots recognised by welivesecurity.com, we hope that this article encourages you to revise your data security within your company! If you are looking for a reliable and trustworthy data destruction service, trust XPO It to carry out the job right. With over 10 years of professional experience and an impressive portfolio of testimonials and official accreditations, you can have confidence in our services! For more information please check out our website at: https://xpoitservices.co.uk/