Gartner predicted that in 2016 95% of security failures would either be the customer’s fault or more worryingly, the fault of poor internal data protection policies. Whether it’s the consequence of a disloyal employee or an accidental misuse of technology, it’s critical to have procedures in place should your company fall victim to an internal security breach.
Sailpoint 2016 Market Point survey found that 1 in 5 employees are willing to leak data, with 30% admitting they would accept a cash bribe to release password information. Not all the findings pointed the finger towards malicious schemes, with 50% of the employees who were surveyed across Europe, the US and Australia saying that they use the same credentials across different applications, which is a natural human error based on our memory capabilities.
But by and large, internal security breaches are just as prevalent as an external attack. They’re actually on the rise. The demise of legacy IT systems and the move to the Cloud are enabling employees to access more data than ever before – even after they leave. 40% of ex-workers still have the ability to access their previous account and successfully log in. This is particularly worrying given that in a survey of IT professionals, 59% admitted they couldn’t even detect an internal data breach.
Follow these 3 steps to ensure your systems are protected against data protection policy misuse and to limit the impact of a data breach.
1. Two Step Authentication
For any sensitive data, you should always administrate a two step authentication system whereby the user trying to access the information must not only input a username and password, but also a unique code that only the owner of the device or system has to hand i.e a token sent to the owner’s personal mobile phone. This added layer of security makes it harder for intruders to steal data, but also raises the alarm that information is trying to be accessed by unauthorised personnel.
2. Database logging
By enabling database logging you can get an accurate view of who, where and when a piece of information was retrieved. Having this historic overview of data transactions means you’ll be able to appoint accountability, monitor unauthorised access and trace the source of a data leak. Communicating this to the wider company can also help instill a sense of seriousness and responsibility when it comes to abiding by your data protection policies, ensuring nobody takes a lax view.
3. Transfer policies
We’ve talked about data theft, but most companies allow employees to transfer data via USB portals. When it comes to a data breach, it means all IT managers need to know exactly what the average day-to-day operations look like from a network perspective. How many USB transfers traditionally happen in a day? What and who are the typical sources? Anything that falls outside these boundaries is something to investigate. Devising a complete ‘no-use’ policy will hamper everyday working, such as those who work from home or on a flexible basis. It’s about compromise but it also means a lot more understanding of the wider business is required.
Given that data breaches are predicted to rise and become more threatening, external and internal alike, it’s worth beginning to look at what’s necessary for your 2017 IT strategy. Download our free roadmap HERE