Guest post from Rick Delgado.
While people can be an organization’s greatest asset, at times improving its bottom line, they also pose the greatest risk to network security. Employees can open enterprises up to data breaches in many ways, whether through ignorance, malicious intent, or pure carelessness.
What is a Data Breach?
A data breach, also known as a data spill or data leak, is the unauthorized or illegal viewing, access, or retrieval of data by an individual, application, or service. It’s designed to steal data and/or publish it to an unsecured location. Recent high-impact examples are the breaches of Home Depot and Target. Home Depot’s breach affected about 56 million credit and debit cards, and Target’s impacted nearly 40 million cards. 43 percent of companies experienced a data breach in the past year, which is an increase of ten percent compared to the year before that.
According to one study, 80 percent of data breaches happen because of employee negligence. The root cause of the breach can be traced to someone giving out their password, a misplaced USB, spear phishing scams, or even a door left open to the company network center. Nearly 30 percent of companies that experienced a breach did not have a response plan or a team in place. Part of the issue with creating effective breach plans is the lack of employee confidence in their organization’s ability to take precautions. Only about 30 percent of people surveyed about their organization’s plans felt those plans were effective or very effective.
Limiting Access to Personal Data
Not limiting access to personal data comes with its consequences. About 70 percent of people in a recent poll reported they or one of their friends were spammed on a social networking site like Facebook. 46 percent were victims of phishing attacks and another 45 percent received malware.
Employees who share too much information on their social profiles put themselves and the enterprise at risk of data theft. Cybercriminals can steal company information through profiles and posts, using attacks based on interests and likes. These security threats, also known as social engineering, are difficult to recognize and affect sites like Twitter and Google+. Attacks like “clickjacking” or “likejacking” trick web users into sharing confidential information, or they can take control of a user’s computer when the user accesses a certain link. Scammers attract the curiosity of users with ambiguous, entertaining headlines, getting users to share the link with their friends and making it go viral across the web.
Reducing the Risk Internally
Companies can reduce the risk to network security through training and establishing security plans. Although not every employee will express full confidence in their data breach response plan, it’s important to create one so the company has a platform to act on in case of an attack.
The first step in creating an effective plan is preparing only for incidents of concern to your business. It’s impossible to plan for everything and there’s no reason anyone should. The next step is to practice planned responses. A plan is worthless if it isn’t put into action. After creating an effective plan and practicing planned responses, it’s important for the company to think about responding in “minutes” and not “hours.” Companies need to move quickly to determine the cause and impact of the attack on their network security. The last two steps to a successful data breach response plan are to not over-communicate and to focus on restoring service before doing the forensics. Sharing too much information will put employees and shareholders into panic mode while creating a media mess. Restoring service should come first because the needs of customers need to be met; otherwise margins will drop drastically.
Proper training of employees can help a company keep everyone as informed as possible, in turn boosting network security. Knowledge is power, so executives will need to decide how much information employees should have and what types of information they’re allowed to share on their networking profiles. Keeping close tabs on company data may seem time-consuming and tedious, but neglecting it is not worth the risk of losing mission-critical information, tax records, and whatever else cyber criminals may be after.
About Rick Delgado: I’ve been blessed to have a successful career and have recently taken a step back to pursue my passion of freelance writing. I love to write about new technologies and keeping ourselves secure in a changing digital landscape. I occasionally write articles for several companies, including Dell. Twitter: @ricknotdelgado