18 November 2016: Many organisations’ data protection systems, access control mechanisms and physical access barriers are designed primarily to protect a company’s critical data from external risk. Yet the most significant threats to sensitive data come from those who are readily trusted by an organisation – their employees!
Employees and trusted contractors alike are often placed above the controls and defences that protect sensitive data within an organisation. Staff are able to access all data stores and are given a full set of modern communications tools, from e-mail to Facebook, on their desktop. This open environment, coupled with an all too frequently lethargic management mindset towards internal data security, can make insiders a severe risk.
The Identity Theft Resource Center (ITRC) reports that data breaches are up by 16% year on year, so it is more important than ever for organisations to be vigilant of insider threats.
Here’s a rundown of three of the most severe insider risks.
1 – Lack of control over user access
The most critical insider attacks often occur because of a lack of control over who has access to confidential data. Companies are often unaware of – or have little control over – where their sensitive data is and, as a result, who has access to it.
To combat the problem of not knowing what you have and where it is, it is not uncommon for organisations to allow employees to have free access to all data. The result is untrained staff with access to sensitive data, often concerning areas of the business that they have no knowledge of.
A recent case at the National Security Agency (NSA) saw a contracted employee arrested and charged with stealing classified data on the US government’s surveillance efforts. This saga really underlines the importance of protecting data against insider threats.
2 – Poor management mindset
Our recent survey looking at deployment and attitudes to data classification reveals that many of the world’s leading organisations have a poor attitude to the security of personal data. The survey revealed that just 31% of companies are concerned about the volume of data they need to protect.
Consistently growing data volumes mean that organisations are struggling to understand where their sensitive information is located, with inadequate policies for how that sensitive information should be handled.
3 – Inadequate data security strategy
With many organisations clearly suffering from incomplete controls to detect and prevent the inappropriate transmittal or disclosure of sensitive information, the insider threat risk increases.
Data classification is at the heart of any data security strategy because without understanding the value of the information and where it is located, it is impossible to implement a comprehensive data protection program.
Data classification technology, like Boldon James Classifier, provides a way of educating employees about the sensitivity of the data they are creating, sending and storing. Employees have the best idea of the criticality and sensitivity of the data, and by classifying and labelling data according to its sensitivity, organisations can reduce the risk of insider threats.
Martin Sugden, Managing Director at Boldon James, comments: “People can be either the strongest or the weakest link in a company’s information security chain and the need to ‘Trust but Verify’ your users’ behaviour is critical. The new EU GDPR rules mandate companies being able to demonstrate compliance. Being able to identify potential threats and security issues before they arise is at the top of the priority list for any organisation.”
For Media Contact:
Boldon James Ltd,
Cody Technology Park, Ively Road,
Farnborough, GU14 0LX