While Australian businesses are becoming increasingly savvy in preventing external cyber-attacks on their data, such measures have not translated to preventing data breaches by internal employee mistakes.
It’s a problem that has affected large corporations, world leaders and, embarrassingly, even web giant Wikipedia.
According to Robert Half's Cyber-security: Defending your future report, 64% of Australian CIOs say the number of detected security threats has increased compared with 12 months ago.
Yet while businesses are getting their act together on external cyber-crime, they are stumbling to prevent internal data breaches, with the same survey revealing 57 per cent of all internal cyber security incidents were caused by staff errors and/or omissions, and 50 per cent to a poor security culture.
Case in point: the personal details of world leaders, including US President Barack Obama and German Chancellor Angela Merkel, were mistakenly revealed by an Australian government official before the 2014 G20 summit in Brisbane. The government later described the embarrassing breach as an “isolated example of human error”.
Incidents like these can have disastrous repercussions for a business in terms of brand trust and revenue. Here are some steps you can follow to reduce the risk of data leaks due to human error.
Monitoring employee communications, such as email and social media usage can be invaluable to an employer. According to Malcolm Burrows, legal practice director at Dundas Lawyers, “Monitoring can help prevent illegal activity and inappropriate comments from being made on the employer’s computer or in the public domain that could be potentially damaging to the company.”
By keeping an eye on usage, not only can you protect your company from accidental breaches, but it can also help prevent data theft by employees. Just ensure that you have a formal monitoring policy in place so that employees are aware of the consequences of inappropriate usage.
Train and educate your employees about human error
Many internal breaches can be prevented by ensuring employees understand the best practices and behaviours your business expects online.
By introducing an up-to-date, company-wide policy that clearly defines the parameters of acceptable and unacceptable conduct – such as personal email and social media usage, bring your own device policies and other technology issues – you should be able to reduce the risk of, and eventually stamp out, any possibility for human error.
Think about who has access to your data both internally and externally. Make sure your employees understand the implications of passing on data to third-party suppliers and that there is a process in place for vetting firms that may require access to your company data. Also re-examine who in your business has access to internal passwords and restrict access to limit the possibility of data leakages.
Think about IT security trends as an ongoing educational process and review it regularly with your employees.
Protect against breaches
Minimise the impact of any data losses via human error by ensuring all information is backed up and stored off-site, as well as creating a disaster recovery and business continuity plan specifically for cyber-security incidents.
It is also important to educate employees about malware and phishing scams and to implement data protection tools that prevent sensitive documents leaving your business without authorisation. Online service storage applications like Dropbox and Google Drive also have their fair share of cloud security flaws. Careful consideration should be taken when deciding if their public server – or a private one – is appropriate for your business.
Invest in the best
Many businesses are realising the importance of IT security, with Robert Half research revealing 36 per cent of Australian CIOs predict it will have a great impact on the way companies do business over the next five years. In addition, 28 per cent of Australian CIOs are planning to hire additional IT security personnel in the next 12 months to fill the skills gap.
Having the right IT professionals in place to catch potential human error breaches, having the appropriate amount of back up, and encrypting data is key to protecting your business online. Your security systems are only as good as the quality of staff running them, so it is more important than ever to attract and retain the right technology talent. Good staff retention is an integral and worthwhile investment.
Protecting employees from themselves can be crucial in ensuring key business data is secured. Through appropriate education, training and monitoring, it can be possible to minimise the many risks of our modern, borderless cyber-space environment.