Data breach gives Morrisons food for thought
This week, UK supermarket Morrisons confirmed that one of its employees was behind the data breach of confidential information on employee salaries and bank account details. This is unlikely to be the sole instance of sensitive data being leaked by an employee. While companies can do as much as possible technically to avoid data being leaked, it is vital to educate employees about data security risks as well.
Many habits developed in personal device use are a liability for enterprises – which makes employees the single biggest security threat in terms of potential data leakage. However, for the CIO, it is not as easy as just implementing a secure mobility solution to keep data secure. As well as implementing a technological change, companies need to roll out a cultural change within the workplace.
Employees must have a better awareness of whether corporate data is secure or not. One of the greatest issues that organisations have to tackle is employees who send sensitive corporate documents to personal email accounts. Once a document has been ‘leaked’, it is no longer under the control of the organisation, so its security can no longer be monitored.
The key reasons employees become data security risks are:
- Use of unauthorised programmes on corporate devices or hardware – which create gaps through which data can leak
- Transferring files between work and personal computers for working from home
- Password misuse – either sharing passwords, or using the same password for corporate and personal programmes
People will always find a way to use the device or application that they want, regardless of the security consequences. For this reason, they must be educated in using technology in a new way that also ensures data security in the workplace.
Some concessions are needed by the enterprise, of course. Familiarity – with the device and apps – is vital and supports the education on safe data and information security practices. If employees are offered a better user experience in a secure way, then they are less inclined to find ‘work-arounds’ anyway. Combined with security guidelines, this lets enterprises establish secure mobility without exerting heavy controls.
A containerised approach to secure mobility does take away many of the opportunities for data leakage. Employees can make the most of a device in their personal time and no matter what they do with it, the highly sensitive corporate data will stay securely contained within the device.
To make the most of this strategy, employees need to be enthusiastic about it. Usability and behavioral education are the only way to get this buy-in.