The answer will surprise you.
Data loss is a battle organizations big and small are constantly fighting. According to a recent Gartner report, global spend on Information Security and Data Protection will reach USD $124 billion in 2019. This figure is expected to grow at 11% CAGR to USD $284.5 billion by 2025.
Companies worldwide are spending billions on infrastructure, endpoint and application security to prevent unwanted breaches/hacks/intrusions. Capital One was one of the most recent companies to experience a breach, with the social security, bank account, and personal information of 106 million people stolen.
However, are hacks and breaches the real cause of data loss in companies? The answer may surprise you.
In 2019, a Shred-it survey conducted by Ipsos highlighted that nearly half of all C-Suites (52%) and one in three Small Business Owners (SBOs) say human error or accidental loss/deletion by an employee/insider was the primary cause of data loss.
That’s right, the primary culprit of data loss in many cases is human error. From accidental deletion, to lack of cybersecurity training, to misdelivery of information – humans are one of the weakest links when it comes to data loss and breaches.
Let’s look at data loss and the human element in more detail.
Accidents happen – right? Your employees create, save, update and delete files every day, so screw-ups will happen. Consequently, at the business level, regularly backing up all of your important data and information is critical. For employees, understanding how to properly save, store, delete or move files is crucial. This matters all the more with the popularity of shared sync services like Dropbox, Box and network drives, where an accidental folder deletion can wipe critical files from everyone’s computer.
Lack of cybersecurity training
Are your employees able to recognize a phishing attack? Do they know how to recognize suspicious email attachments? Cybersecurity training can’t be a one-time occurrence; it needs to be an ongoing priority for all employees. Malware and ransomware are constantly evolving, and so should your training. Additionally, the handling of confidential information requires even more training to ensure there are no breaches.
Poor user password practices
A 2018 Verizon Data Breach Investigations Report found over 70% of employees reuse passwords at work. A “staggering 81% of hacking-related breaches leveraged either stolen and/or weak passwords.” From weak passwords to reusing passwords to sharing passwords, it is clear better education is needed. Two-factor authentication, secured connections and password encryption are additional ways to improve the security of your data and prevent loss.
Misdelivery of information
Your employees always send information to the right people – or do they? Misdelivery of information was the fourth most frequent action that resulted in data breaches, according to the 2018 Verizon Data Breach Investigations Report. Encouraging employees to double-check email addresses, encrypting emails with sensitive information and limiting the ability to send sensitive information outside of the corporate network are ways to ensure the right information is getting to the right people.
When an employee leaves an organization, information frequently goes with them. Information may be deleted or taken with the employee on a USB key or cloud drive. Regardless, organizations must ensure all employee data is kept within the walls of the organization and is accessible. Employees should regularly back up to corporate servers or the cloud, and they should be discouraged from saving files on their local computer.
What can your organization do?
Transforming your company’s cybersecurity practices can take months or years. In the short term, here are a few actions you can start with:
- Regularly back up all of your important data at both the organizational and individual level. For instance, implement an easy-to-use endpoint backup and protection solution like Data Deposit Box.
- Ensure versioning is in place for files, sync and backups. This means saving versions of documents to protect against accidental deletion and for audit purposes.
- Train all employees on cybersecurity, proper data handling and storage, and password protection practices
- Secure access to digital and physical information using antivirus, infrastructure (like firewalls), endpoint encryption, and related technology