Almost 95% of IT security breaches can be attributed to some kind of human error. They say “to err is human,” and this definitely holds true for IT security. Thankfully, there are steps organizations can take to defend corporate data from employee mistakes.
I recently wrote an article, “Defending Corporate Data in Spite of Employees,” for Computer Technology Review, which explores just how and why employees are putting data at risk and how organizations can take steps to protect corporate data.
Laptops, smartphones and tablets have given rise to a mobile workforce that continually challenges IT, which must balance the demands of productivity with data security. Accessing sensitive corporate data from outside the company’s physical network increases exposure and the potential risk of a data breach.
Mobile devices have become obvious targets for cyber criminals, both for the data they contain and as a means for further attack on the organization. So, what can IT do to protect them? In the article, I outline the following steps:
- Implement Formal Employee Policies – while human error is inevitable, education and training can prevent some breaches or help organizations address potential breach situations more quickly. IT infrastructure can ensure employees stay on the straight and narrow. BYOD, MDM, and general use policies give staff clear expectations for using devices that access the corporate network and clear steps to follow if a device is at risk, including freezing a device or wiping it clean.
- Encrypt Your Data – this is your “front line” of defense, but you must be able to prove encryption was in place and working in order to satisfy compliance auditors. Encryption is not infallible, so this next point is important:
- Take a Layered Approach to Data Security – on networks, endpoints and corporate data. The more layers of defense you have, the better.
Earlier this year, my coworker Stephen Midgley explored the idea of there being “5 Employee Typologies” that can help organizations understand the risks posed by employees when it comes to data use and devices and help guide your policy to address these risks. You can read the full article here.
The human condition tells us that despite our better judgment, we will continue to click on unidentified links, misplace our devices, and share our passwords. With the proper training and IT support, backed with persistence technology, we can do our best to offset this behavior and have precautions in place to reduce the risk of a data breach.