Partner Article
Protecting data against the human factor
Today there are many threats to a company’s data security. These threats can not only cause financial damage, but can seriously dent the reputation of the business in question. Recent research by industry analysts Gartner outlined that “by 2016, 20 per cent of CIOs in regulated industries will lose their jobs for failing to implement the discipline of information governance successfully”. 2014 has already seen a number of examples, such as Target’s massive data breach, and the situation isn’t going to get better any time soon.
We usually associate such data breaches with external factors, such as third parties maliciously obtaining information via a data hack or theft. However, research by the Ponemon Institute has shown that human error is often to blame for the majority of data breaches that occur.
While there is the odd occasion where an employee has deliberately compromised company data (take the incident of a Morrisons employee who was charged with stealing payroll data), the majority of breaches are often the result of an honest mistake. A lot of this stems from a lax attitude to security. We recently conducted research which highlighted that an overwhelming 23% of employees don’t believe that the security of their company’s data is their responsibility. Even more worrying is that only 63% said that there is a formal procedure in place when a device is lost, with a further 30% claiming there are no personal penalties for losing a work device.
Such an attitude makes it extremely difficult for IT decision makers; while you can apply the latest technology available to control data, ultimately the weakest link may be the psychology and personal preferences of individual members of staff.
With this ‘human factor’ being the weakest link, training and education need to become a priority. This starts with a comprehensive data security policy, and strong leadership from the top. Staff need to be the first line of defence when it comes to IT security, and this will only be achieved if each and every person fully understands the consequences of poor data protection. In addition to this, IT decision makers will have to make sure that they implement a robust device and data management solution. If a device is lost, stolen or otherwise abused, the IT team has to be in a position where it can manage the problem.
Every employee is an individual and can present their own unique risk to the company. With potential threat sources being unpredictable, companies need to adopt a holistic approach to data security. Provisions must extend beyond a firewall and cover more than just hacking attacks. Security policies have to take into consideration each device brought into the office, as well as each end-user. Numerous solutions are available for companies seeking to keep their critical information safe, but these must work in tandem with the education of staff to create a robust, water-tight data protection policy.
This was posted in Bdaily's Members' News section by Stephen Midgley.