Maybe this is of no surprise to you. But to many, the fact that cloud platforms were responsible for more than half of data breaches was alarming. Leading to one very important question: is your data safe?
The answer to this question is a little more nuanced than simply a ‘yes’ or ‘no’.
When it comes to identifying a root cause to data security, often it’s not having teams that follow a standard security policy—in particular when it comes to using and implementing collaboration and productivity tools.
Your cybersecurity insider threats are growing.
When it comes to insider threats—those individuals that work within the confines of your offices that end up (often unintentionally) leaking data or letting in viruses that might shut down your entire network—businesses large and small are suffering from teams not really understanding what their role is in protecting their and your data.
Over the past ten years, IT support teams have helped implement collaboration tools that all in all make teams more productive. The problem we might not have had to face at the time was that these tools are an easy entry for cyberattacks.
In 2019, of businesses that reported having a data breach, more than 65% identified that an employee played a part in that breach or attack.
Let’s take a minute to think about that. Think about the people on your staff.
Is there someone (or perhaps a handful of someones) that come to mind? If half of our workforce are prone to enable or somehow be a part of a cyberattack—not actual maliciously attacking or stealing from your business, but simply following simple instructions like clicking on links or forgetting to update passwords—don’t you think you might have at least someone on your team prone to fall for an attack?
Think about the following scenario for a minute. Jan just left a meeting where her manager told the entire team that they had to work harder the next quarter. Their output was not keeping up with client demands and some clients were leaving as a result. Jan was told that she had to up her gain—increase the number of reports she put out by 35%!
Faced with more work and less time, Jan tried to figure out ways to make her work easier. Instead of logging into a secure portal to do her analyses (this was company policy), which was slow and cumbersome, Jan decided she’d download materials onto her computer and work directly from her laptop.
Think of all of the client data now on Jan’s computer. If she were in healthcare, she might have medical data, personal diagnoses, Social Security Numbers, or other damaging information that would qualify for a breach and HIPAA violation if her laptop were compromised.
If she were in a financial field, she might have proprietary information or banking client information that might violate either PCI or FINRA standards. I’m sure you have some concern in your business as to where data is going. What if she were in HR and was running your team’s benefits? Or in accounting?
If Jan were to simply walk into a coffee shop, connect to the free Wi-Fi, end up connecting to a hacker’s signal, she might ultimately be letting the hacker access her machine and all of the sensitive information she’s accessed from it.
Security experts are saying on of the most common data security threats in 2020 will be your users trying to make their jobs easier, leaving your vulnerable to lawsuits, additional cyberattacks and a bad reputation.
How to resolve this conflict between easy button and keeping data safe?
Have a clear policy—review your security expectations with your team regularly. Make sure everyone understands what is being said and the Do’s and Don’ts to accessing and using data within your organization.
Understand the why—more important than the policy, get your teams to understand why those policies are in place. Explain with context as to what hackers are doing and give clear stories as to why certain habits or practices put their data at risk.
Get them interested in protecting their identities—to get people on board with data security, one of the easiest first steps is making sure they have good personal habits outside the workplace. That means updating and maintaining secure passwords, implementing two-factor authentication on bank accounts, understanding what information they are sharing publically and keeping track of their personal assets. If they have a good handle on personal security hygiene, they will be better off at work, too.
One last word: security is a marathon not a sprint. We are never going to get to the end needing to come up with better ways to protect our networks and our data. The key is knowing what is wrong and prioritizing to get those things fixed.