Considering recent high-profile data breaches, does it come as a surprise that employees are increasingly concerned about their employer’s approach to keeping data, including their own personal data, secure?
Our research conducted by technology research firm Loudhouse, revealed that 71% of breaches globally come from people in the extended enterprise, which is comprised of 39% employees, 12% ex-employees and 22% contractors. Additionally, 73% of employees report that they would never trust their company again if their private information were leaked.
What might cause said leaks? The changing workforce is putting new stress on IT, as more workers need remote access to documents on the road, or while working from home. This creates opportunities for hackers to invade. The rise of cloud collaboration tools to promote this increasingly flexible work environment, BYOD, as well as email and communications across many other locations, all create more work for IT. But it doesn’t all fall on IT’s shoulders. This also puts incredible responsibility on employers to create a safe environment to both retain their current employees and continue attracting new ones, as a data breach could dash their hopes of recruiting top talent.
Creating this safe environment has previously been the role of IT, but as policies change and workers, inadvertently or deliberately, create more risk, it increasingly becomes an HR issue. HR departments need to understand the risks their workforce poses so they can better manage it. New training and education is required when workers are hired, to make sure they understand how to manage changing security risks. Because risks change, education and awareness are not a one-off, they need to be updated or refreshed regularly, especially for those who are most at risk, such as people in the finance department. As new working practices and technologies, such as cloud collaboration tools, are introduced, both remote and office-based workers need to understand how to use them without putting the company or themselves at risk.
These days, IT and HR must join together to tackle these issues, provide a safe environment for the extended enterprise and minimize risks. With HR and IT as a united front, they can address the issues that the extended enterprise and increasingly mobile work environment pose by collaborating on polices, such as those for DLP, educating staff on them and fostering the safest environment possible for both workers and the company as a whole. Security has become as much about training (68% of security experts think the most important way to minimize risk is training) and dealing with people in and around the organization, as it is about the technology deployed. Without the understanding of why the technology is being deployed, there is often a tendency to work around it which ends up putting the organization at a greater risk than it was previously.
Just as important as training staff, is choosing a solution that suits the needs of your organization. Traditional data loss prevention technologies that stop and block information from leaving the company reduce risk, but are cumbersome and often stall productivity. The result being that they are turned off or just report on breaches when they occur, leaving the company at risk. New data loss prevention products can redact sensitive data from within documents before it leaves an organization without putting a halt to workflow, allowing communication to continue with sensitive data automatically removed.
As dealing with data security becomes a more complex inter-departmental challenge, it becomes increasingly important to understand how data moves around the organization and how people interact with it, as well as employees’ expectations of what the company is doing to secure it. Only by understanding this can companies take a strategic approach, which brings together IT, HR and all others who play a part in to keeping data secure.
With this research, we are changing the game for IT decision makers and HR by giving them the detailed intelligence about insider threats they need to create a game plan for combating both honest mistakes and malicious attacks. Our understanding of the insider threat has enabled us to develop unique adaptive DLP solutions that address the need to offer information security without compromising business performance or scaring away top talent.
HR and IT policies, when combined with effective DLP solutions, like our Adaptive Redaction technology, can be the one-two punch that can both make your employees feel secure and keep your IT pros sleeping soundly at night.
To get started now, go through and tick all the boxes below. HR should carry out these activities in conjunction with IT and the rest of the business.
| Rapid Action Checklist | |
|---|---|
| ☐ | Check and revise Information Security policies. Ensure they support current business practices and expectations. |
| ☐ | Check and revise acceptable use policies to include Social Media (protect the reputation of your firm). |
| ☐ | Ensure policies are communicated out – from the top to the bottom of the organization. |
| ☐ | Ensure there is new-recruitment training on Information Security, as well as potential ‘refresher’ courses for the rest of the workforce. (Remember, that even long term employees will need refresher training on a regular basis.) |
| ☐ | Look at Information Security Certification for key employees. |
| ☐ | Ensure that HR is part of any data-breach incident process / team, especially for internal breaches – whether malicious or inadvertent. |
| ☐ | Ensure disciplinary process is documented for employee based data breaches, both malicious and inadvertent. |