Posts

Data is everywhere; it’s like air. And the volume of data companies are accumulating is growing at an exponential rate. It is estimated that by 2020 every human will create 1.7 megabytes of information each second. This works out to more than 2.5 quintillion bytes of data a day. With data accumulating at such a rate, employee data theft is becoming more of an issue for organizations. Quest research found that 90% of organizations believe they’re vulnerable to “insider” theft. We often only hear about external data breaches, but the ramifications of an insider data breach can be just as destructive – if not more.

Alarming stats about employee data theft and loss

  • 27% of data breaches are caused by human error. (IBM)
  • 87% of employees who leave a job take the data they have created with them. (Biscom)
  • 8% of employees leave with data other employees have created. (Biscom)
  • 53% of companies had over 1,000 sensitive files open to every employee. (Varonis)
  • 15% of companies found 1,000,000+ files open to every employee. (Varonis)
  • 55% of security professionals believe privileged IT users or admins are the most dangerous insiders. (Crowd Research Partners)
  • 25%+ of employees say they leave their computer unlocked and unattended. (Shred-it)
  • 1 in 4 executives and 1 in 5 small business owners said that a trusted vendor/partner was the cause of a data breach at their company. (Shred-it)

So what’s driving employees to steal data? In Verizon’s 2018  Data Breach Investigations Report, Verizon found that almost a third of all data breaches were insider jobs, and 75% of these were driven by profit, with ‘pure fun’ another top motivation.

The Verizon 2019 Insider Threat Report outlines the top 5 most common types of malicious insiders (not in any order):

  1. Careless workers
  2. Inside agents
  3. Disgruntled employees
  4. Malicious insiders
  5. Trusted third party’s

Preventing employee data theft

Control access

Limit access to your organizations sensitive data. 75% of employees say they have access to data they shouldn’t. Segregate sensitive or confidential data from your other data and limit access. Also, encrypting sensitive data is a good idea.

Automatically remove access

Create an automatic process for removing employees or vendors access to systems and data when they leave the organization or change roles. First of all, consider access to devices like computers and mobile phones, but also other areas like servers, intranets, business applications (email, ERP, CRM) and SaaS based software. A report from Ostermann Research found 67% of organizations couldn’t be sure they would detect if an employee who left was still accessing corporate resources. Even more alarming is 76% have no way of knowing when third parties such as contractors stop working on an organization’s systems and data.

Monitor systems and behavior

Watch for suspicious network traffic, including large volumes of outbound activity, remote connections or off-hours activity.  Monitor employee behavior including the use of external storage devices, cameras and cellphones.

Password protection

Secure all computers and devices with passwords. Ensure password best practices are followed, including updating passwords when an employee leaves an organization.

Secure network access

Secure network access with a firewall and ensure employees are remotely accessing the network through a Virtual Private Network. Additionally, encrypt and secure your Wi-Fi networks.

Employee education

Train all employees on cybersecurity, proper data handling and storage, and password protection practices. More importantly ensure employees understand the value of data and who owns the data.

Use the cloud

Protect your data by backing it up to the cloud. Backup best practices recommend you to keep 3 copies of data – one primary, two backups (usually 1 is a primary backup and 1 is mirrored on disaster recovery equipment). Implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

The title of an article in The Economist says it all – “The world’s most valuable resource is no longer oil, but data”.

Let’s start by defining data. Simply put, data is a collection of facts and statistics for reference or analysis. The processing, interpreting, organizing, and structuring of data creates information. Information is knowledge and has real value to a business that grows with more data.

Where is all this data coming from?

IBM notes that every second we create new data through computers, mobile and Internet of Things devices, wearables, beacons and more.  By 2021 there will be over 50 billion smart devices connected around the world and each of those devices will be collecting data.

An IDC study titled Data Age 2025, sponsored by Seagate, predicts worldwide data creation will grow to an enormous 163 zettabytes (ZB) by 2025. Additionally, the research also noted these key findings:

  • The number of embedded devices will grow from less than one per person to more than four in the next 10 years.
  • In just 8 years, the average person will interact with a connected device nearly 4,800 times a day.
  • 75 percent of the population will be connected, creating and interacting with data by 2025.
  • By 2025, over 25 percent of data created in the global datasphere will be real-time in nature, and IoT real-time data will make up more than 95 percent of this.
  • Almost 90 percent of all data created in the global datasphere requires some level of security, but by 2025 less than half will be secured.

How much is data worth to your business?

A significant amount of money is spent on collecting, storing and securing data. What is the value of that data to your business? In an article on Raconteur Doug Laney, vice president and distinguished analyst at Gartner’s data research business, says information-savvy companies with a chief data officer, enterprise data function and data science professionals currently have a book value twice the market average. MITSloan Management Review says data has become a key input for driving growth, enabling businesses to differentiate themselves and maintain a competitive edge.

With the rise in the volume of data being collected comes a rise in cybercrime. The 2019 Official Annual Cybercrime Report by Cybersecurity Ventures, predicts cybercrime will cost the world in excess of $6 trillion annually by 2021, up from $3 trillion in 2015.  Accenture’s Ninth Annual Cost of Cybercrime global study estimates security breaches are up >11% over the past year and 67% over the last five years.

Why is data so valuable?

As noted above, the processing, interpreting, organizing, and structuring of data creates information. This information provides your business with the critical insight needed to:

  • Improve your products and services
  • Enhance customer experience and satisfaction
  • Increase employee productivity
  • Improve business efficiency

An improvement in any one of these areas will have a significant impact on your business. There is no question that data is valuable, but is it really the world’s most valuable resource? That’s entirely subjective but there’s no one that’ll argue its importance and potential impact on industry.

How do you protect your most valuable asset – data?

When something is important you must protect it. Take the following steps to protect your data:

  1. Regularly backup all of your important data at both the organizational and individual level. For instance, implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.
  2. Ensure versioning is in place for files, sync and backups. This means saving versions of documents to protect against accidental deletion and for audit purposes
  3. Train all employees on cybersecurity, proper data handling and storage, and password protection practices
  4. Secure access to digital and physical information using antivirus, infrastructure (like firewalls), endpoint encryption, and related technology
  5. Don’t collect data you don’t need.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

The answer will surprise you.

Data loss is a battle organizations big and small are constantly fighting. According to a recent Gartner report, global spend on Information Security and Data Protection will reach USD $124 billion in 2019.  This figure is expected to grow at 11% CAGR to USD $284.5 billion by 2025.

Companies worldwide are spending billions on infrastructure, endpoint and application security to prevent unwanted breaches/hacks/intrusions. Capital One  was one of the most recent companies to experience a breach, with the social security, bank account, and personal information of 106 million people stolen.

However, are hacks and breaches the real cause of data loss in companies?  The answer may surprise you.

In 2019 a Shred-it survey conducted by Ipsos highlighted that nearly half of all C-Suites (52%) and one in three Small Business Owners (SBOs) say human error or accidental loss/deletion by an employee/insider were the primary cause of data loss.

That’s right, the primary culprit of data loss in many cases is human error. From accidental deletion, to lack of cybersecurity training, to misdelivery of information – humans are one of the weakest links when it comes to data loss and breaches.

Let’s look at data loss and the human element in more detail.

Accidental Deletion

Accidents happen – right? Your employees create, save, update and delete files every day, so screw ups will happen. Consequently, at the business level regularly backing up all of your important data and information is critical. For employees understanding how to properly save, store, delete or move files is crucial.  In particular, with the popularity of shared sync services like Dropbox, Box and network drives, where an accidental folder deletion can wipe critical files from everyone’s computer, this has become critical.

Lack of cybersecurity training

Are your employees able to recognize a phishing attack? Do they know how to recognize suspicious email attachments? Cybersecurity training can’t be a one-time occurrence it needs to be an ongoing priority for all employees. Malware and ransomware are constantly evolving and so should your training. Additionally, the handling of confidential information requires even more training to ensure there are no breaches.

Poor user passwords practices

A 2018 Verizon Data Breach Investigations Report found over 70% of employees reuse passwords at work. A “staggering 81% of hacking-related breaches leveraged either stolen and/or weak passwords.” From weak passwords to reusing passwords to sharing passwords, it is clear better education is needed. Two factor authentication, secured connections and password encryption are additional ways to improve the security of your data and prevent loss.

Misdelivery of information

Your employees always send information to the right people – or do they? Misdelivery of information was the fourth most frequent action that resulted in data breaches, according to the 2018 Verizon Data Breach Investigations Report. Encouraging employees to double check email addresses, encrypting emails with sensitive information and limiting the ability to send sensitive information outside of the corporate network – are ways to ensure the right information is getting to the right people.

Employee Turnover

When an employee leaves an organization information frequently goes with them. Information maybe deleted or taken with the employee on a USB key or cloud drive. Regardless, organizations must ensure all employee data is kept within the walls of the organization and is accessible. Employees should regularly backup to corporate servers or the cloud and they should be discouraged from saving files on their local computer.

What can your organization do?

Transforming your company’s cybersecurity practices can take months or years. In the short term, here are a few actions you can start with:

  1. Regularly backup all of your important data at both the organizational and individual level. For instance, implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.
  2. Ensure versioning is in place for files, sync and backups. This means saving versions of documents to protect against accidental deletion and for audit purposes
  3. Train all employees on cybersecurity, proper data handling and storage, and password protection practices
  4. Secure access to digital and physical information using antivirus, infrastructure (like firewalls), endpoint encryption, and related technology

 

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days
Think of the cloud as a utility

For a variety of reasons, some companies are reluctant to do business in the cloud. They may have reservations about the cost, about the security of the technology or may just not have enough information. One way to allay some of these concerns is to consider the cloud as a utility.
All companies use utilities to help their business function. Heat is needed to keep the company’s buildings at a reasonable temperature so its employees can do their work effectively, particularly on cold winter days or rainy and wet winter days. Electricity is needed to help a company power its computers and all of its devices. It is also needed so that its employees aren’t left doing their work in the dark. Electricity, therefore, has become an essential utility.
So, what about cloud services? Are they a utility or merely a service? Perhaps they can be viewed as a technological utility for businesses. If we look at them as a utility, are they a necessary or essential utility? The answer depends on a company’s needs. If your company is an information based enterprise that relies on data, then it can be argued that the cloud can now be considered to be an essential service. Why would this be?
Well, first of all, for information based companies that rely on access to data, the cloud is a their life line. It allows them the freedom to store an unlimited amount of data safely and securely. They can efficiently store important data and have access to it whenever and wherever they need to. It allows their employees to travel on the road and access important files when they are travelling for business. It allows them to open up branches in different cities, secure in the knowledge that if they access cloud based services, access to critical data is instantaneous. This is an incredible innovation that cloud technology has made possible, and is particularly advantageous to information based companies.
In fact, storing data in the cloud, all in one place, helps companies to become more efficient. It streamlines their business and allows them to operate more effectively. Information based companies need not spend money building inexpensive infrastructure to store their data because it always exists in the cloud. All they need to do when they choose a cloud vendor is transfer their data to the cloud, where it will be securely stored.
If a company is all about data and information, they should seriously consider the benefits of cloud computing. Once they start using it, it could become an essential service.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days