As businesses spend billions of dollars a year trying to protect their data from hacking that’s costing trillions, they face another threat closer to home: data theft by their own employees.
According to the Washington Post, Insurance Journal and other business sources, the recent study Data Theft by Employees Affects 69% of Businesses of 208 organizations revealed 69 percent “experienced an attempted or realized data theft or corruption by corporate insiders” over the past 12 months - compared to 57 percent that experienced similar risks from external sources. Media and technology firms, and enterprises in the Asia-Pacific region reported the highest rates – 77 percent and 80 percent, respectively.
The survey discovered that despite recent high-profile data breaches at Sony, Target, Home Depot, and the U.S. Office of Personnel Management, many corporations do not yet consider cybersecurity a top business priority.
What's more, 70 percent of the survey’s respondents said they lacked adequate funding for the technology, training, and personnel needed to maintain their company’s cybersecurity, while 36 percent said their management considers cybersecurity an unnecessary cost. 42 percent of survey participants say they need bigger budgets for hiring cybersecurity professionals as well as for training as 54 percent reported that their current employees are underprepared to prevent security breaches.
Strong Governance Framework
Setting up a strong information governance framework with well-defined roles and responsibilities is an essential practice for an enterprise. Cybersecurity risks are now a strategic business issue and therefore require oversight so that high stakes business decisions can be made correctly and confidently. New standards such as the NIST Cybersecurity Framework are here to help guide organizations to compliance with complex information security requirements.
The 2015 Data Breach Forecast by Experian found that employees were the main cause of about 60% of security incidents. Although this type of breach doesn’t make the news in the same way that outside hackers do, the threat of malicious insiders, unauthorized use of cloud services, systems, or negligence of employees not knowing or following policies already in place must be taken seriously. Many times these breaches are due to employees leaving passwords written down in plain view, having easily guessable passwords, systems with no access control, and human error - all of which can be avoided. Be aware of physical records security, employees taking critical information when they transfer from a department or leave the company, and secure destruction and backups.
Information is a business asset across all functions of an organization.
Coordination among the facets of Information Governance allows an enterprise to make effective use of all of its information, regardless of ownership and at all stages of the information lifecycle. This is particularly important in the era of Big Data where analytics can be used to gain a competitive advantage. Litigation and increasing disciplinary action and fines for non-compliance have forced organizations to be more proactive and cautious when dealing with the business risks associated with poor records keeping and information management.
An enterprise must find the right balance to ensure that business units can reap the benefits of retention, access, search, and retrieval while mitigating the threats of data leaks.