U.S. data breaches reached a record high in 2014, increasing nearly 30 percent over the previous year. Forrester predicts that, in 2015, at least 60 percent of enterprises will discover a breach of sensitive data. When it comes to data theft, it’s easy to point a finger at increasingly sophisticated outside hackers. You may be surprised to learn, however, that accidental data sharing by employees now releases more sensitive data than software vulnerabilities. Malicious employee data theft is also on the rise.
Are you staffing your biggest data theft threat? To help you determine where your risks may lie, take a look at these recent statistics:
- According to a Kaspersky Lab survey, accidental data leaks by staff, which were reported by 29 percent of all businesses, are now the biggest source of lost data.
- BAE Systems reports the average employee sends and receives about 110 emails each day or 29,000 emails per year. One in every 20 of those emails contains “risky” data, which means at least 1.5 million risky emails per year should be reviewed, blocked, encrypted or archived.
- Several surveys have found that Millennials are generally much more concerned with productivity and convenience than security, to the point where IT directives and “clunky security mandates” are often ignored. This has led CIO Magazine and others to dub the generation “Generation Leaky.”
- But, as former U.S. Secretary of State Hillary Clinton proved last month, it doesn’t take a Millennial to skirt around technology protocol. The trend of using personal devices, including servers, even in the workplace is evolving from the fun moniker “BYOD” (bring your own device) to the more sinister-sounding “shadow IT.” And some of the biggest culprits? C-level executives.
- According to the Experian 2015 Data Breach Industry Forecast, employees and negligence are the leading cause of security incidents but remain the least reported issue.
- That same Experian report states that U.S. companies reported $40 billion in losses from unauthorized use of computers by employees last year.
At the root of many of these accidental breaches is, of course, the growing culture of BYOD and “shadow IT” in the workplace. With employees accessing confidential company information from personal smartphones, laptops and tablets, there’s bound to be trouble.
“When it comes to accidental data leaks, it’s ideal to be aware of all devices your employees are using to access company data, and to take steps to ensure these devices are secure with anti-virus, encryption and passwords that are updated regularly,” explains Patrick Wiley, president & COO of Houston-based technology management, consulting, and outsourcing company Aldridge.
“Of course, that’s not always realistic,” Wiley says. “So respect your employees enough to create a policy and explain to them the vulnerabilities they may be introducing with their use of personal devices. Arming your employees with awareness is probably the most productive thing that you can do. If you receive push-back on the policy, listen to concerns and look at updating it as technology and productivity tools evolve.”
For more on accidental employee data leaks, take a look at these resources:
- Five Strategies for Email Data Loss Prevention (white paper by BAE Systems Applied Intelligence)
- Example of Employee Accidental Data Leaks: Half of Enterprises Have Employees Accessing Dating Apps on Work Mobile Devices (infographic by IBM Security)
- Worst Passwords of 2014 (article and infographic by SplashData)
What about malicious employee data theft? A report by AlgoSec found that almost two-thirds of information security and IT professionals rate malicious insider threats as their greatest data security risk. But big breaches like the Sony Pictures hack are usually outside jobs, right? Not so fast. It’s rumored that the latest, now-infamous Sony hack—which allegedly leaked not only emails but sensitive employee information like social security numbers, birthdays, addresses and salary history—was an inside job.
“Much of the malicious employee data theft that happens often occurs hours or even weeks after employment is terminated,” Wiley points out. “The best way to combat this is to have a policy in place to block access to all accounts immediately, and, most importantly, follow that policy! Obviously this includes email, but it also includes access to servers and often-overlooked cloud-based tools and applications like Google Docs, Dropbox and even corporate social media accounts.”
When was the last time you took a closer look at who’s sharing your data? Do you have policies in place? Share your thoughts with us – we’d like to know.