Your employees have access to confidential data – Here’s why it pays to protect it
Here, Adam Bennett, Security consultant at Digital ID tells small business owners how to protect their valuable data.
In businesses today, around 97 per cent of all documents are created and stored electronically.
This represents a vast amount of data — and within this data lies the information that gives each of those businesses a competitive edge. If this data were to fall into the hands of a competitor, it could spell the end of a business’ viability.
Whilst most businesses are now well aware of the importance of security, many are unaware that one of the biggest threats comes from their own employees.
In the 12 months from June 2015 to June 2016, 69 per cent of organisations in a survey conducted by Accenture “experienced and attempted or realised data theft or corruption by corporate insiders”.
Meanwhile, 59 per cent of employees who quit or are asked to leave their job take confidential or sensitive business information with them upon their departure.
Though big businesses have begun investing in security measures, it is smaller companies who have the most to lose — and who, sadly, are the most prone to attacks.
In 2013, over 60 per cent of all online attacks were directed at SMEs. In addition, high employee turnover rates amongst fast-growing startups mean that they are disproportionately affected by data theft.
This problem is exacerbated by the high rates at which departing employees take company data: 85 per cent admit to taking documents and information that they had created, whilst 30 per cent admit to taking documents and information that they had not created.
Amongst the stolen data included a significant amount of sensitive information, including customer data, source code, and patent filings.
When the information at risk is vital for your company’s success, it’s imperative that you keep it secure. Figuring out exactly how to do that can seem like a daunting task. Luckily, there are a few tips to help you keep your business safe from data theft.
Change the culture
One of the key reasons why employees commit data theft is due to a lack of clarity over company policy, including a lack of understanding as to whose responsibility it is to protect sensitive data.
In a 2015 Cisco survey, 48 per cent of employees stated that they weren’t concerned about their company’s security policy. Meanwhile, 39 per cent said that they thought it was their employer’s responsibility to protect company data, rather than theirs.
It is of the utmost importance that all employees are aware of their responsibility to protect data. This begins by implementing a clear and well-publicised security policy, which sets out when employees may and may not use company assets and information.
Your employee handbook should leave no doubt as to what is and is not acceptable regarding company data, including ownership of data created by a specific employee, whether it is acceptable to use a personal device for company policy, and where confidential data can and cannot be stored.
Importantly, employees need to be aware that they are responsible for business data security.
What an individual does from day-to-day could have a serious impact on the security — and in many cases, the viability — of their entire company. It’s therefore crucial that these behaviours benefit the business, and don’t expose it to unnecessary risks.
Company directors should take the lead in this cultural shift, and must ensure that policies are clearly communicated to all members of staff. It is the duty of all employees, however, to create a culture of security.
Whilst implementing policies conducive to data security is key, it remains the case that some employees will still be determined to steal information from your company. To tackle this, it is therefore important that you have technology on your side.
In Accenture’s survey, 70 per cent of business claims that they lacked adequate funding to maintain their physical and cyber-security efforts. However, keeping your confidential data safe doesn’t need to be expensive. It may surprise you that some of the most effective solutions are also some of the simplest.
If employees are not set as administrators of their own computer, for example, they will be unable to install any software or hardware, preventing them from accessing some methods of data communication.
You can also prevent users from stealing information in hard copy by ensuring all computers are attached to a centralised printer.
Users should also not be allowed to copy information to CDs, DVDs or USB drives unless it is specifically authorised.
As a further step, you may also wish to deploy software to monitor how your employees are using their computers.
Many kinds of software already include inbuilt logging equipment — all you need to do is activate it. Alternatively, a company-wide ID card system can be put in place. Using this means you can restrict access to certain areas of the building, and quickly pick up on any suspicious activity and trace it back to an individual employee.
Adam Bennett is a security consultant for leading ID card retailer Digital ID