Risky business

Risky business

Curt Gauci, owner and managing director at Kinetix IT Solutions, highlights the impact of data leakages on business.

Accidental data leaks by employees are now a primary security weak point.

A recent study carried out by Cisco with employees and IT professionals, so as to understand the challenge that increasingly mobile businesses face in protecting sensitive information, discovered that despite the security policies, procedures, and tools currently in place, employees around the world are engaging in risky behaviours that put corporate and personal data at risk.

Such behaviour includes unauthorised application use: 70 per cent of IT professionals believe the use of unauthorised programs resulted in as many as half of their companies’ data loss incidents.

Another risky behaviour is the misuse of corporate computers: in fact, 44 per cent of employees share work devices with others without supervision.

There is also the issue of unauthorised physical and network access: 39 per cent of IT professionals said they have dealt with an employee accessing unauthorised parts of a company’s network or facility. Also, 46 per cent of employees admitted to transferring files between work and personal computers when working from home. Moreover, 18 per cent of employees share passwords with co-workers. That rate jumps to 25 per cent in China, India, and Italy.

To reduce data leakage, businesses must integrate security into their corporate culture and consistently evaluate the risks of every interaction with networks, devices, applications, data, and of course, other users.

Businesses must integrate security into their corporate culture

Employees around the globe are using business networks to communicate, collaborate, and access data. Businesses eager to increase productivity have embraced the growing integration of network communications and business operations, and have encouraged employees to take advantage of technology such as wireless devices and public hotspots. Productivity is booming, but network-based collaboration introduces corporate data into a broader environment that is more vulnerable and difficult to protect.

Data stored on the corporate network is also at risk because it is more accessible than ever. Organisations provide easy access to databases for information sharing, and storage and compression technology has allowed for more powerful (and risk-laden) endpoints. An 80-MB mobile device now holds 6,000 Microsoft Word documents or 720,000 e-mails, and new 64-GB removable devices allow an entire hard drive to be copied onto a device the size of a packet of chewing gum. These devices make it easier for employees, partners, or data thieves to access, move, or lose intellectual property or customer data.

In addition to having more data at risk, businesses today suffer greater consequences if that data is lost or compromised. The loss of intellectual property, such as proprietary product blueprints, financial data, and merger and acquisition plans, can damage a company’s reputation, undermine its brand, or jeopardize its competitive edge.

Breaches of regulatory requirements for handling sensitive customer data can reduce customer confidence and lead to fines.

Savvy companies institute security policies and train employees about the risk of data loss, but the effectiveness of those actions is questionable. In the past two years, more than 250 million confidential records were reported lost or stolen, and those losses do not always originate from external threats. Whether knowingly or unknowingly, innocently or maliciously, employees engage in behaviour that heighten the risk of data loss.

Since early 2016 the EU General Data Protection Regulation has come into force and the consequences of a data breach are much more serious than they ever were beforehand. Businesses of all sizes are realizing that compliance with the EU GDPR and the Data Protection Act has never been more important than the present.

At Kinetix IT Solutions we have deployed several data protection solutions and have the experience required to design and implement security systems capable of protecting your business data from internal and external threats. Our security services are designed to prevent information leaks in case of loss of device, network violations and virus threats, as well as brand defamation due to malicious, inappropriate or fraudulent activity on a network.

Comments not loading? We recommend using Google Chrome or Mozilla Firefox with javascript turned on.
Comments powered by Disqus