Many reports have been coming out pinning most of the blame for data breaches on people, whether it’s inadvertent human error or malicious behaviour. As many as 90% of all security incidents are tied back to “people” - mistakes, phishing, bad behaviour, lost stuff, etc. According to our own study, many employees put data at risk in small but ultimately significant ways, such as modifying default settings, accessing personal email, online banking / shopping, social media, public WiFi, or file sharing. With a growing recognition of the risks posed by employees, we must ask: why are employees making risky choices that defy corporate security policies?
Kevin Beaver recently explored this topic as well, offering several ideas:
As Kevin points out in his own article, “it’s up to you to set your users up for success,” by being prepared with an awareness of what data you have, enforceable and well-communicated policies, and necessary support technologies. We share some of our thoughts on employees and data security in our whitepaper, ‘The Enemy Within - Insiders are still the weakest link in your data security chain.’