Who Is Putting Data Security At Risk In Your Company?
Businesses are able to thrive when built on a system of trust and security, with insider information kept private, and client and customer details confidential. However, this is not always possible, with thousands of firms every year becoming victims of data breaches.
But the question remains: who is to blame for these leaks of valuable company information? Only by discovering that will organisations be able to put an end to the problem and keep their data as secure and protected as it should be.
Businesses trying to protect information
Great efforts are being made across businesses to better safeguard their data, particularly with the launch of the General Data Protection Regulation (GDPR) in May last year.
This new law was introduced to give legal force to the protection of personal and identifiable information of citizens in the European Union (EU), so their data could not be shared or leaked elsewhere.
Replacing the Data Protection Act of 1998, GDPR is intended to stop businesses unlawfully distributing data, and requires people to provide consent about use of their personal information.
Technology risk assurance partner at RSM Steve Smith told the Financial Times Adviser: “This new legal framework is the biggest change to data privacy legislation in over two decades, and aims to protect EU citizens’ personal data, regardless of borders or where the data is processed.”
He went on to say this will “transform how businesses need to store and manage personal data”, with many now aware that they have to destroy personal information by confidential shredding in London when it is no longer required for the function for which it was intended.
The scale of the data breach problem
Organisations across the EU have had to transform the way they destroy documents and how often they do it, but data breaches are such a big problem in the UK that it could take many other changes to reduce the risk to companies.
Indeed, recent figures from Beaming revealed UK businesses were victims of online attacks every two minutes, being hit by 71,253 each in the three months leading to September 2018.
This showed the scale of the problem, particularly with regard to cyber data breaches. Business security is under a huge threat, and GDPR seems to have had little impact in this area.
In fact, the volume of cyber attacks increased by 34 per cent between the second and third quarters of the year, growing from 578 to 774 a day.
It is not just the problem of cyber attacks that companies need to be aware of, but also the growing challenge of identity fraud. If people using false identities approach organisations, this could put them in jeopardy.
For instance, fraudsters could access confidential information about the business by pretending to be customers, clients or members of staff, enabling details to potentially get into the wrong hands.
The recent Fraudscape 2018 whitepaper from Cifas revealed the extent of the problem, reporting a massive 125 per cent increase in identity fraud cases between 2007 and 2017.
From 2016 to 2017 alone, there was a one per cent rise in cases reported by Cifas members, growing from 172,919 to 174,523.
With the threat of data being unintentionally leaked to fraudsters, as well as the growing problem of cyber security breaches, companies really need to crack down on how their confidential information is stored – and who has access to it.
The obvious answer for most companies is their security is being put at risk by their employees. Even by keeping important information out of the reach of most members of staff, they still pose the biggest threat to businesses, as they could open the door for other people to access valuable data.
One way fraudsters can gain entry to withheld information is by retrieving passwords used by employees. Whether they simply make their passwords too obvious or leave them written down to be seen, this allows criminals to access private data without being spotted.
- Unsecured networks
Online security is a big problem for businesses, and staff members using unsecured networks to look at company documents online is a huge factor in this.
These days, remote working is extremely popular, with workers being able to access their files on the cloud wherever they are. This means more and more people are opening and editing business documents when they are on the move, including on public transport, while walking, and in cafes and restaurants.
If they use free Wi-Fi, which is becoming more and more commonly available in public spaces, these files will be opened on unsecured networks, potentially allowing criminals to intercept this connection and access them.
In addition to enabling fraudsters to look at private documents, employees using unsecured networks risk giving them access to passwords, so they can read the confidential data over and over again at another time.
Whether they are opening documents, purchasing goods for the business, or revealing passwords, they are leaking valuable information to members of the public without even knowing it.
- Non-authorised apps
Another common mistake employees make is downloading illegitimate apps on to their smart devices. While authorised apps are typically regularly checked to ensure they do not infect users’ phones or tablets with malware, the same cannot be said for those that are not legitimate.
By using these apps – perhaps even unknowingly – members of staff risk malware being installed on to the device, which could allow anyone to steal data, such as phone numbers, documents, passwords, or photos.
- Opening emails
It is not unusual for staff at big businesses to receive hundreds of emails a week, so it is no surprise that among these some might be opened that have not been sent from an authorised source.
These ‘phishing emails’ con colleagues in every organisation. They are a huge problem, and cyber security firm Symantec revealed last year in its Internet Security Threat Report that 71 per cent of targeted attacks started using phishing devices. This allowed attackers to access users’ credentials and personal information, which, for many, allowed them to pursue bigger attacks later on.
Employees need to be given proper guidance about these emails, so they avoid opening them in the future. While it might sound obvious not to read any message that has not been sent by a legitimate company, these emails can be extremely convincing, with many using links to fake websites that look believable.
Companies need to raise awareness of these emails, educating staff not to open anything that does not address the recipient by their name, contains typos or spelling mistakes, or where the ‘from’ address does not correlate to the signature at the bottom of the email.
- Keeping everything locked away
Another way staff members could put your business at risk is by simply not locking important documents away. While this is unlikely to be done intentionally, everyone makes mistakes – but in some cases, this mistake can cost organisations thousands of pounds.
Encourage a culture of locking away files at night, never leaving them out on the desk, and not bringing them home. Staff members could have their cars stolen, their houses broken into, or they might just leave their bag on the bus. Either way, by taking the files out of the office, there is an increased risk of them being found by someone else.
It is a good idea to have an employee check all valuable files are securely locked at night to avoid this risk. The same level of vigilance should be applied to locking the office as well, as not doing so could give any member of the public access to filing cabinets, notebooks or computer software.
Employees are not the only ones that could be to blame for data breaches, and a lot of responsibility should fall on the shoulders of company leads as well.
For a start, they need to teach staff about keeping documents safe – whether online or in the office – through education programmes. Secondly, they need to exercise the same caution themselves.
One of the best ways to do this is to ensure the appropriate and regular destruction of documents, branded items, and media. While it is well-known that private files need to be shredded to avoid other people getting their hands on them, less is understood about the value in destroying other items.
For instance, it is essential to employ clothing destruction services in Cambridge every time you get new uniforms for your employees. This is because old uniforms could fall into the wrong hands if left unattended. If this happens, anyone could put one on and pretend to work for your company, gaining them a lot of privileges, including entry to your building and being privy to confidential company information.
Furthermore, media such as USB sticks, CDs and DVDs need to be destroyed, even if they are out of date. These are often ignored and bosses forget about them, but they could contain information that may be extremely valuable to others.