Lost data is expensive. According to Pymts, reporting on a recent Ponemon report, the cost of a "compromised record" rose 6% from $145 to $154 last year. In isolation this isn't much, but Ponemon found that the average total cost of a data breach is now $3.8 million. While hackers, malware infections and even hardware failures account for some of this data loss, the biggest risk for organizations comes from within: employees. In most cases this isn't malicious; staff simply don't know where they're making mistakes. Here are four key questions, and answers, to help empower your employees.
How is it shared?
The biggest risk to sensitive files is improper sharing. According to Computer Weekly, six in 10 employees said they had "often or frequently accidentally forwarded files to individuals not authorized to see them." E-mail is the most likely culprit, although users also leverage public file-sharing services and social sites to quickly disseminate data and help enable collaboration.
By and large, these services don't support encryption, meaning that malicious actors can easily "listen in" on e-mail conversations or grab data mid-transit. Your best bet? Establish a clear policy about how data can be shared and what types of files can be attached.
Where does it live?
For employees, "where" data lives doesn't matter so long as it's easily retrieved on demand, but differing platforms come with varying levels of security. Typically, the safest data lives behind corporate firewalls on local servers where IT administrators can easily monitor the ebb and flow of information. When data is moved or stored using other platforms, such as the public cloud, IT visibility is limited. As a result, it's easy for files to become corrupted or shared more broadly than intended. To solve this problem, educate employees about what type of files must stay within corporate walls and define specific resources to assist if staff has a question about what's permissible in the cloud and what's not.
Why is it protected?
Sensitivity of data is also an important factor in keeping files safe and secure. Consider an industry such as insurance, which deals with a variety of personal and non-personal information about clients. Data used to create large-scale demographic sets or identify broad trends isn't as sensitive as customer data such as name, date of birth, vehicle details and number of accidents. To account for this disparity, some data is afforded greater protection to limit the risk of accidental compromise. Effectively educating staff means training them to recognize and classify these different types of data, in turn producing a logically segmented file system, which naturally protects critical data.
Who needs access?
Finally, it's important to identify who has access to a given file and why. Ideally, companies should limit access to employees actively working with specific files on a day-to-day basis. Even executives who aren't on these project teams should be kept at arm's length. Why? Compliance. Industries such as health care, insurance and legal are now under intense scrutiny from government agencies to ensure that data is properly handled from creation to transportation to destruction.
In Canada, for example, insurers must comply with the country's anti-spam legislation. If employees with access to consumer data start sending unsolicited commercial electronic messages (CEMs), the organization could face a hefty fine. Bottom line? Companies need to limit access to ensure compliance.
Want better data safety? The answer lies in training staff to ask the important questions: How, where, why and who.
Martin Johnson is the senior director of marketing and demand generation at Elastica, which provides cloud application security services.