The 2019 Global Data Exposure Report surveyed more than 1,000 security experts. The respondents confirmed they had a security plan in place when they were breached. More than two-thirds of these breaches originated from the inside. When it came to clicking on links they should have ignored, 65% of CEOs and 78% of CSOs admitted guilt.
The report revealed one alarming trend. More than half of the breaches in the past year and a half occurred because of an employee. The hacker your company is afraid of could be on your payroll. Your own staff could be a reason you fall prey to a breach.
The Risk of Portable Information
Client lists aren’t just on paper anymore. They’re stored in online files. Your company’s payroll, employee information, budgets, designs, and other pertinent information are all there for anyone to find. If an employee decides to leave, you may not know that they’ve copied the files to a thumb drive and walked off with it. If you’re not being proactive, you’re putting yourself at risk.
A former employee who is unhappy could set up a way to access your files after leaving the company. It’s estimated that 63% of departing employees take data with them when they leave and use it at their new job. Almost three-quarters of employees feel the work they do for a company is their work, so they have a right to it. Protecting this information each time an employee leaves must be your priority.
A How-To Guide to Preventing Insider Breaches
When an employee is leaving your company, you need to start looking at any information that employee takes. Deleting the user’s name and log-in is just a start. You need to scour emails to see if any files were sent. Your company needs to have a system in place that is always checking activity on computers and servers. If you need to create a new team to do this all day, do so.
Invest in technology that looks at all requests to view data as a possible breach. When someone requests a file, the company needs to look at what was requested and how long it was accessed. If anything seems off, pull in that employee and ask questions. You may have to start setting time limits for access or restricting access unless the request is made from a specific workstation.
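The review described above can be sketched in a few lines of Python. This is an added example, not code from the report or from any product; the users, file paths, workstation names, the 30-minute limit and the log layout are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed policy values (assumptions, not taken from the article).
APPROVED_WORKSTATIONS = {"payroll/": {"WS-FIN-01", "WS-FIN-02"},
                         "clients/": {"WS-SALES-01"}}
MAX_SESSION = timedelta(minutes=30)   # time limit for keeping a file open
DEPARTING = {"jdoe"}                  # users who have given notice

# Constructed access log: user, workstation, file, opened, closed.
EVENTS = [
    ("asmith", "WS-FIN-01", "payroll/2019-q3.xlsx", "2019-10-01T09:00", "2019-10-01T09:12"),
    ("jdoe", "WS-SALES-01", "clients/master-list.csv", "2019-10-01T17:45", "2019-10-01T19:30"),
    ("jdoe", "WS-LAB-07", "payroll/2019-q3.xlsx", "2019-10-02T08:05", "2019-10-02T08:09"),
    ("bnguyen", "WS-SALES-01", "designs/widget-v2.dwg", "2019-10-02T10:00", "2019-10-02T10:20"),
]

def review_event(event):
    """Return the reasons this access needs a follow-up (empty list if none)."""
    user, workstation, path, opened, closed = event
    reasons = []
    # How long was the file accessed?
    duration = datetime.fromisoformat(closed) - datetime.fromisoformat(opened)
    if duration > MAX_SESSION:
        reasons.append("open longer than limit")
    # Was a restricted file requested from a workstation that is not approved for it?
    for prefix, allowed in APPROVED_WORKSTATIONS.items():
        if path.startswith(prefix) and workstation not in allowed:
            reasons.append("unapproved workstation")
    # Any access by someone who is leaving gets a second look.
    if user in DEPARTING:
        reasons.append("departing employee")
    return reasons

def flag_events(events):
    """Map (user, file) to its reasons for every event that has at least one."""
    flagged = {}
    for event in events:
        reasons = review_event(event)
        if reasons:
            flagged[(event[0], event[2])] = reasons
    return flagged

if __name__ == "__main__":
    for (user, path), reasons in flag_events(EVENTS).items():
        print(f"{user} {path}: {', '.join(reasons)}")
```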
Hire responsible workers and have a contract in place. Pay for background checks to see if there have been problems in the past. Create a contract that makes it clear who owns work-related ideas and materials. Don’t just draft a contract from the internet; talk to an attorney who specializes in employment law. You want to protect yourself and not infringe on your employee’s rights.
Keep your employees happy. It’s estimated that half of today’s workforce is looking for other jobs. If you’re doing everything you can to stay competitive and provide an enjoyable place to work, employee retention increases. If you make a promise about yearly wage reviews, keep that promise. Don’t put off the employee with weeks of “sorry, I don’t have time” statements. The employee is likely to feel hurt and question the value of his or her service. You’ll end up with an employee who decides to leave your company, which increases the risk of information going out the door.
What Happens to Your Computers and Electronics?
Do you allow workers to take work laptops home? This is another way information may get stolen or breached. If that worker leaves the laptop open while at a coffee shop and walks to the counter for a refill, imagine what could be seen and stolen in that short time. You need to have strict policies in place and make sure workers agree to the rules. If they can’t, they shouldn’t be given work equipment to take home.
If they log in from home computers, do you know what security measures are in place? You need to. They need to use the same level of security at home that you have at work. Consider paying your IT department to set up workers’ home offices to meet your company’s security requirements.
When computers, printers, and other electronics are obsolete, dispose of them in a responsible manner. Don’t place an ad offering to give them away to any interested party. Take steps to make sure the data is completely erased and have the item refurbished by a professional. ERI Direct is a trusted authority in IT and electronics asset disposition services. ERI can destroy an item’s data, refurbish items for resale or reuse, and make sure nothing of value is left behind where it can be used for harm. Call ERI for more information.