However, a new report (by the Ponemon Institute, sponsored by Trend Micro Inc) states that’s not how data thefts happen. According to “The Human Factor in Data Protection”, over 78% of respondents blamed employee negligence or maliciousness for data breach problems.
The 3 top reasons for data breaches:
- 35% of employees lost their laptop or other mobile data-bearing devices.
- 32% of employees had third-party mishaps or flubs.
- 29% of employees had a system glitch.
Nearly 70% of those surveyed (709 U.S. IT & IT security experts) either agreed or strongly agreed their current security system could not ward off a hacker attack.
56% said even if employees’ mistakes are accidents, data thefts were discovered accidentally!
What makes data thefts hard to detect?
Employees who created data protection problems only confessed 19% of the time!
When employees don’t make a confession, it makes the problem harder to detect!
37% of those surveyed discovered IT problems through an assessment or audit. But, only 36% were alerted about IT problems by their data protection technology.
Additional findings in this report:
- Businesses with 100 employees or fewer have 81% of their employees mishandling sensitive information. Businesses with 100 employees or more had 78%.
- Businesses with 100 employees or fewer were more likely to have “risky” behavior problems:
  - 58% will open or have already opened attachments or web links in spam.
  - 77% will leave or have already left their computers unattended.
  - 55% were likely to visit off-limit websites.
- Businesses with 100 employees or fewer are less likely to protect data or have in-house technology to prevent theft:
  - 62% of employees believe their business is not protected.
  - 65% of employees believe data protection is not available because it’s too expensive.
  - 54% of employees believe data protection technology is too complex.
But, small business IT problems aren’t all the employees’ fault.
65% of sensitive small business information is not encrypted or safeguarded by data loss protection technology.
“The Human Factor in Data Protection” offers the following tips on how to protect your company against human errors:
- Understand that in this post-PC era where data and devices are often exposed, organizations need to approach security with a new mindset, putting the focus on “data-centric” security that integrates threat and data protection capabilities within a unified framework so that companies know who is accessing what data, when, where and how.
- Create awareness among employees and other insiders about the need to spend more time and effort on data protection activities.
- Ensure data protection policies address areas where an organization is most vulnerable to a data breach.
- Investigate governance and technology solutions that are both efficient and cost effective, such as email based data loss prevention, email encryption and secure file sharing.
- Make sure those who are given privileged user status are knowledgeable about the risks.
- Require immediate notification if a mobile device containing sensitive and confidential information is lost or stolen.
- Create policies for the use of social media in the workplace.
Always remember, just like charity: the real key to your corporate cyber security begins at home!