7 Reasons Why Your Organization Will Need Data Loss Prevention in 2018

As we enter 2018, data loss prevention is becoming a necessary part of business planning, as there just don’t appear to be many industries immune to breaches. 2017 has seen a spate of data loss breaches from not just some of the conventional industries such as healthcare, financial services and retail, but also others like automotive, hospitality and even the military, in some cases. Here are some reasons why your business really needs data loss prevention in 2018:

  1. The threat is not just external

There’s a difference between what you see reported in the news media and what is actually happening in the U.S. and around the globe. Statistically speaking, internal threats account for just over half of all data loss. That’s according to an Insider Threats Report from 2017. While it doesn’t pay to solely look at one piece of data, the trend of roughly half of all threats being internal has existed across multiple studies for a number of years.

  2. Financial ramifications can be huge

According to a poll of 1,000 business decision makers, the average cost believed to be incurred from a data breach was around $1 million. Clearly, this depends a great deal on what industry you are in, but it’s something to be mindful of, particularly if your data is sensitive and would be worth something to other people.

  3. Financial ramifications are just the start

Quantifying the consequences of an internal data breach is a difficult thing to do, largely because of the loss of reputation and trust. Even if your business can take the financial hit from fines and compensation, it also has to withstand what can sometimes be a substantial loss of business. This can be particularly harmful for small businesses who don’t quite have the buffer of their larger, often multinational counterparts.

  4. Big data is here to stay

Companies are now moving to a place where they exist on data, and the growth of the big data industry is proof of that. While sensitive data nowadays often consists of things such as financial details and social security numbers, companies will increasingly find in the future that the data they keep on customers is more sophisticated and personal – and therefore sometimes more valuable to an outsider, which can lead to an internal worker deliberately releasing it.

  5. Thoughts on the Cloud are in the cloud

Most of us are moving to cloud-based computing and SaaS applications as a cost-effective way of storing and using data without having to pay for large builds. However, this also means that a DLP plan needs to be in place to ensure that sensitive data that your company currently keeps in the cloud is encrypted and that its transmission to third parties is prevented.

  6. Intellectual property protection is important to your customers and your business

This can be one of the biggest long-term consequences of data loss. While a breach of personal information about customers can be wide scale in its negative effects, an intellectual property breach is narrow, but incredibly damaging. If your company holds trade secrets, plans, etc., either for your business or your customer, it’s essential that these are protected appropriately with a DLP strategy.

  7. Endpoints are increasing

With remote work becoming more and more common, the number of endpoints that data is stored on is therefore also increasing. These can be within your business’ computer network, but they can also be outside it, in public places or at home. In these cases, you need a technology monitor that is installed on all of these devices and that prevents certain sensitive or confidential actions from happening as part of your DLP strategy.

A data loss protection strategy doesn’t have to be an alarming addition to your company’s business plan. However, it is starting to become concerning how many businesses, big and small, are avoiding the need for one of these, given that the amount of data we use is growing exponentially. Internal threats can be both malicious and totally by accident, so it’s important to protect your employees, your company and, of course, your customer from the ramifications of data breaches.

What You Did Not Do in 2017 to Prevent Data Loss

We all know data loss is an issue. We see stories in the news media of large airlines or financial services compromising large quantities of sensitive information, some of which could have been very preventable. However, it’s not just big businesses that are a target. Roughly half of all data loss happens internally, either by malicious intent, or inadvertently. This means that any employee in a business that holds information online and in computer systems could potentially lose your company’s data. We’ve outlined some of the key things you probably didn’t do in 2017 so you can get your company ready for 2018.

  1. Back it up

This doesn’t just mean occasionally getting out a hard drive to double save the important stuff. Every company should have a backup procedure for their files. Of course, it’s sensible to employ more security measures for more sensitive files, but a data loss protection plan will ensure that files are being regularly protected and can therefore be restored if a loss of data occurs.

  2. Multiple backup points

One backup point has been proven to be not enough for truly sensitive data. Apply the 3-2-1 rule as part of your data loss protection plan. Information that needs to be highly protected has 3 backups, moderate level information has 2 backup points, and general day-to-day information that has much less importance has 1. It also helps to have offsite backups. Particularly when there is an external breach, it can affect entire physical locations due to how malware operates in shutting providers down.

  3. Get your audit on

One of the easiest ways for data to slip through the cracks, either intentionally or by an employee’s mistake, is when systems aren’t up to date. You would be amazed how much of your software and hardware needs patches and upgrades. Auditing is the perfect end of year job to go into 2018 with a fresh start and an updated system. Often it doesn’t end up being super expensive – you’re probably already aware of the big-ticket items that need to be upgraded.

  4. Sort out a communication plan

You can’t single-handedly prevent data loss from your company, but you can empower your employees to take heed and ensure that the systems that you have in place are working correctly. Surveys and feedback loops are a great way of winning employee engagement. Ask them how they use the data – they are the ones who are handling it day-to-day after all. And as you iterate and improve data loss protection plans, ask them for feedback. You’re much more likely to get buy-in if they feel that the way they work is being taken into account.

A great number of instances where critical company information is lost are very preventable. We say preventable because backups are a huge part of protecting your company from potential data breaches. Ensure that, if anything goes wrong, you’re still able to access the information from another endpoint.

Any good data loss protection strategy starts with a review of the status quo, so do a full audit of the ‘goings-on’ of your data, software and hardware – and be critical about where there’s room for improvement. Next, get your employees onboard to ensure that any efforts are fully integrated within all areas of the company. A thorough and well-thought-out data loss protection plan can save your company huge fines, loss of reputation and potential loss of business.

The Top Industry Targets for Data Breaches – Are You on the List?

It’s important to know what your data breach risk is. It’s something that affects every company worldwide that operates even part of its services online. However, some companies are more at risk than others, sometimes due to the sensitive nature of information about individuals possessed by these companies, but also how easy it is for the data to be lost in some way. This is generally when companies have an insufficient or incomplete data loss protection strategy for protecting against both internal and external threats. Here are some of the top industries that have data breaches:

  1. Healthcare
    Healthcare is a prime target because of the huge amount of sensitive information, from medical records to payment information, kept by healthcare organizations. Due to the sheer size and scale of many healthcare organizations, often upgrading software and protection systems becomes so big that it’s overlooked in favor of what feel like more immediate issues, such as staffing and equipment. Around 100 million health records were compromised in 2015 and similar figures stack up for 2016 also.
  2. Financial Services
    Frighteningly, almost half (49%) of global financial services organizations have experienced a data breach in the past, according to the 2017 Data Threat Report. IBM has found that one of the biggest vulnerabilities for financial services firms is actually human error. Insider involvement accounted for 58% of all breaches in 2016; of these, 53% acted inadvertently, while 5% acted with malicious intent. Unfortunately, many of these could have been avoided with an agile data protection plan that was well-communicated to all employees.
  3. Government
    Governments have always been classic targets for any kind of information breach, due to the sensitive nature of the data that they hold and the power that they wield. They’re also a huge employer. If you were to add up the various parts of the US government from military, to bureaucratic and civilian, you can get figures of close to 5 million individuals working for the US government and having access to its computer systems. With roughly half of data breaches occurring internally, that’s 5 million potential ways to lose confidential government information.
  4. Transport and Logistics
    This is also a huge industry and covers everything from giant airlines, to small owner-operated delivery services. The US Department of Transportation said, “the growing reliance on cyber-based control, navigation, tracking, positioning and communications systems, as well as the ease with which malicious actors can exploit cyber systems serving transportation.” Essentially, the transportation industry exists in a mobile world and mobile is one of the easiest end-points for data to be breached. It’s often not protected properly by companies, which can lead to employees easily losing information or being targeted by cyber-criminals.

Even if your company’s not on this list, it’s important for you to take steps to ensure that the data stays safe and secure. Data breaches have become so serious that companies can be liable for serious fines if it is deemed that their security was not up to scratch. If you’re an SME or SMB especially, they are the kind of fines that could put you out of business completely, or ruin your reputation. Look into a data loss protection strategy that works for the needs of your company and figure out ways to get your staff on-board to ensure that no data is lost from your organization.

Unique Data Loss Risks Faced by the Hospitality Industry

Data collection, data mining and big data, in general, have the ability to transform how industries, such as the hospitality industry, provide their services. The ability to access information about an individual, from basic contact information, to payment information, to behavioral information, means that benefits that consumers have come to expect – such as ease and personalization – can be easily employed.

The data captured by the hospitality industry, particularly hotels and restaurants, is often very comprehensive and sensitive, meaning it has serious ramifications if that data is lost. A person staying in a hotel will be handing over contact and payment details, using hotel wi-fi for business and personal use, and ordering services for their own personal comfort. Research indicates that the hospitality industry accounts for nearly 14 percent of all breaches, second only to the retail industry. Here are some of the unique data loss risks the hospitality industry is facing:

  1. Large numbers of SMEs and SMBs

From the huge boutique hotel industry that’s booming, to owner-operated restaurants and bars, a great deal of the hospitality industry is made up of SMEs. Often, even when these businesses are part of a wider syndicate, there won’t necessarily be standardized rules for data security.

So, what’s the big deal with SMEs? Due to their size, SMEs and SMBs often don’t have any thorough data loss protection strategy in place. Cost, time and lack of knowledge are the general contributing factors here. However, DLP plans are now much more affordable and easy to implement, so it really comes down to the industry getting itself up to speed by educating that DLP implementation is essential and possible to do.

  2. Paper still rules the roost

Hotels, especially, still rely heavily on paper to conduct their day-to-day business. It’s common-place for services rendered and paid for to be carried out on paper throughout the whole transaction. Physical loss is one of the easiest ways for data to escape internally, either on purpose or by accident. Either way, due to the lack of digital footprint, it’s incredibly difficult to track where the leak came from.

Add to this that, according to Shred-it’s 2017 Security Tracker, less than half (49 percent) of small businesses shred all documents, including non-confidential ones, and it’s clear that the hospitality industry needs to address this as part of their DLP strategy.

  3. Employee training is outward focused

Hospitality is a wholly customer-focused service industry. Huge amounts of resource are poured into staff training to ensure that customers’ needs and desires are being met and align with the kind of service the company is trying to provide.

The reality of this is that very little attention is focused towards internal processes. There are many statistics that suggest that roughly half of all data losses occur because of internal threats – people maliciously or unintentionally leaking sensitive data. This means that hospitality companies need to distribute their resource more efficiently and start focusing on creating internal DLP processes that work and that prevent the leakage of data.

While the potential for data to improve the services of the hospitality industry is huge, it brings with it large amounts of sensitive data that are not currently being properly protected with adequate data loss protection strategies. The high numbers of small to medium businesses, combined with the fact that the largely paper-based hospitality industry has an outward focus, means that there is plenty of work to do to ensure that customers’ data is protected from potential internal data loss threats.

DLP Strategies to Maintain HIPAA Compliance

Data loss protection (DLP) for compliance is the process of ensuring that sensitive data is not breached through its accidental or intentional release. Patient information is some of the most sensitive information about any individual. With so much of it being stored electronically, it is essential that steps are taken to protect the privacy and maintain HIPAA compliance.

In the US this can mean both civil suits and large fines, sometimes up to $250,000 for the individual responsible. The compliance protocols state that any breach that occurs involving sensitive data that was not protected (encrypted) must be reported to the Department of Health and Human Services.

What is HIPAA compliance?

HIPAA stands for the Health Insurance Portability and Accountability Act. It’s the law of the United States that is designed to ensure anyone handling sensitive patient information is protecting it and taking reasonable preventative measures to avoid its release. It sits alongside the HITECH Act, which raises the penalties around the release of electronic health information. We’ll be concentrating primarily on the Security Rule of HIPAA in this article, as it relates to electronic health information, but it’s important to be aware of the additional laws that come with health data.

What is the Security Rule

The Security Rule is the part of the Act that covers electronic protected health information – the creation, maintenance and movement of this kind of data. The key information relating to the Security Rule is to:

  • Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
  • Identify and protect against reasonably anticipated threats to the security or integrity of the information;
  • Protect against reasonably anticipated, impermissible uses or disclosures; and
  • Ensure compliance by their workforce.

How to become compliant

A good DLP strategy essentially covers these things through software integration, plans and processes that are easy for healthcare professionals to use in their day-to-day jobs without slowing them down from their crucial role.

This covers everything from access control over who can actually see, modify and send sensitive information, through to encryption and other techniques when it comes to the downloading, uploading, sending and receiving of data.

Auditing, monitoring and scaling the process is also meant to be considered by healthcare institutions. This means constantly assessing all data and how sensitive it is, monitoring its movement to ensure there aren’t breaches which haven’t been considered with advancing technology, and ensuring that the DLP strategy is always growing and adapting to protect sensitive data.

Essentially, lawmakers are looking to ensure that healthcare professionals are taking due care, not only with patient safety during treatment, but also when they are dealing with patient information – from their health data to their Social Security Numbers. If you follow the preventative strategies above, you greatly reduce the risk of prosecution.

How to Use DLP to Secure PHI & Better Comply with Healthcare Regulations

Advances in technology have caused vast improvements to patient care in the healthcare industry. While healthcare administration has become more efficient, healthcare providers are able to offer improved patient care by reading patient data from sophisticated equipment in real time and being able to get specialists in different locations to offer professional advice on a specific patient’s treatment.

With this, of course, come the risks involved with electronic data. Many of the publicized concerns, in the media particularly, lie with external threats, but almost half of all data loss happens internally, because of accidental or intentional and malicious release of sensitive information.

In this article, we’ll talk about how to use data loss protection (DLP) to better secure protected health information (PHI) in line with industry regulations.

What does PHI cover?

The key information covered in PHI includes, but is not necessarily limited to information about:

  • Health status
  • Provision of health care
  • Payment for health care

There are specific indicators; for example, in terms of location details, anything more specific than an individual’s state is protected. These can be found, as well as a full breakdown of the law, here.

Using DLP strategy

DLP strategy is much more than just rolling out expensive software for employees to use and ensure you’re covered. In fact, lawmakers will look at much more than just the technology employed if you are facing prosecution and liability for any internal data breach.

  1. Staff accountability

All staff, from HR personnel, to specialist healthcare professionals, IT departments and administrative staff should be on-board with the healthcare institution’s DLP strategy. They should understand it and be actively employing it. This means effectively communicating it to all staff through policies and procedures. Often some of these can be implemented in the actual DLP technology, meaning staff are getting real time updates on how they are using the DLP strategy, what they’re doing right and wrong, and how to improve.

  2. Identification and prioritization

Prioritizing how and what patient information should be deemed sensitive and how much DLP should be applied can be tricky. However, the laws around PHI help with this as they break down quite specifically what needs to be protected. From there, it is a matter of figuring out where that data lies and how the DLP technology can protect it.

  3. Audit, monitor and scale

It’s unrealistic to assume that a healthcare establishment, such as a large hospital, can protect every piece of information immediately. Budgeting and resource constraints get in the way. Additionally, new technology is always being implemented in the healthcare industry so rolling out a single DLP strategy that rigidly stays in place for the next decade will not do the job that lawmakers are expecting it to.

Instead, potential sources from which data can leak should constantly be assessed as they arise, and data movement should be tracked to look for abnormalities and irregularities. Audits should also take place on how effective the DLP strategy has been in ensuring the protection of patient information.

US lawmakers are serious about data loss protection in the healthcare industry and the laws around them are enforced, with individuals sometimes facing fines up to $250,000 if they are found to be liable. Ensure that your healthcare institution complies with industry regulations by working with your DLP company to create an effective, well-communicated strategy that protects you and, most importantly, your patients.

5 Ways to Overcome Healthcare Compliance and Security Risks

In order to ensure optimal patient safety and care, healthcare is one of the most standardized industries in the world. Particularly in countries like the US, where liability risks are enormous, hospitals are directing huge amounts of resource to ensure that they are compliant with national, and even international standards, to avoid scrutiny and liability.

The security threat that comes with the increase in mobility and remote technology means that hospitals also have to be incredibly vigilant about data loss protection (DLP) and the threat that internal sources pose, both maliciously and by accident, in the release of sensitive data. Failure to do so can result in huge fines, a loss of reputation and risks to patient safety. Here are 5 ways that healthcare institutions can look to overcome compliance and security risks:

1. Software

In a study conducted by Ponemon Institute LLC, it was found that only 23% of respondents in the healthcare industry were using data loss protection software to protect against internal data breaches. A huge amount of resource is often put towards preventing external threats through anti-malware and anti-virus programs, but almost half of all data loss comes from internal sources. DLP software addresses the source of all information – how it operates and moves internally – and therefore helps to prevent its movement externally.

2. Communication

Data loss protection strategies, plans and software are only as good as how they are used and enforced. This requires a great deal of communication from IT departments as well as top level staff at healthcare institutions. A DLP strategy must be used by everyone handling patient information, which involves clear policies and procedures for staff to follow to ensure no accidental breaches, preferably integrated into the DLP software in real-time. Of course, a DLP plan that employs certain overrides can assist with this – for instance, blocking the download of data via a USB port, if that is appropriate.

3. Visibility

Visibility and accountability go hand-in-hand when it comes to overcoming security risks in hospitals, particularly those that are internal malicious threats. Employing a system that clearly identifies and tracks the movement of sensitive data, as well as ensuring that user information is connected to that movement, wards off malicious behavior. If the person wishing to release sensitive data knows that there is a higher likelihood that it could be tracked back to them, they will be less likely to do so.

4. Secure encryption

New healthcare protocols globally, and particularly in the US, mean that it is no longer acceptable for hospitals to not be encrypting their data. In the US, this can mean both civil suits and large fines, sometimes up to $250,000 for the individual responsible. The compliance protocols state that any breach that occurs involving sensitive data that was not protected (encrypted) must be reported to the Department of Health and Human Services. Encrypted data that is breached, however, does not need to be reported and is not penalized. It is viewed that the hospital took the necessary steps with a DLP plan to prevent such an occurrence and is therefore not liable. Investing in encryption is a preventative measure that can significantly reduce large fines and lawsuits.

5. Scaling

Hospitals, as we know, are incredibly large institutions and therefore employing a rigorous DLP strategy to meet with compliance requires a huge amount of resource, which often can’t be met in a single financial year. Working with a good DLP company means that you should be able to employ an effective DLP strategy that takes care of the essentials to meet protocols immediately, but can then be scaled up and be fluid enough to change for the upgraded technology that is always occurring in the healthcare industry.

A good DLP strategy is more than just software. Especially when it comes to internal threats, it’s essential that a DLP strategy understands how people think and behave in order to overcome healthcare compliance and security risks. Preventative measures such as encryption and communication can help avoid the accidental breach of data. Clear visibility and accountability can assist in preventing a purposeful and malicious breach, while also ensuring that healthcare compliance protocols are truly met.

The Shocking Facts About Data Loss Protection You Didn’t Know

Data loss is, quite simply, a reality for businesses operating in the 21st century. It is often thought about as caused by external threats such as cyber attacks. But data loss is also caused by internal threats and is often more dangerous as it can affect companies of any size. We’ve rounded up some shocking facts about data loss protection you need to know about:

Over 50% of critical corporate data sits on unprotected PCs

Remote work has only really started to come into its own in the last five years and it is increasing at a truly rapid pace. Unfortunately, businesses do not seem to be ensuring that their DLP and cyber security plans keep up with the way their industries are changing. Personal computers, particularly laptops, but also home desktops possess the same levels of risk when it comes to internal loss of data. 

Small businesses that experience drastic data loss go out of business within a year

Probably the most shocking statistic for SME and SMB owners. The harsh reality is that, if a sufficient DLP strategy is not put in place, you may lose data via internal sources. Sometimes it’s malicious, sometimes it comes from simply a careless click.

Think about your company’s most sensitive data and what its release would mean in terms of a worst case scenario. Would you be financially liable to the individuals concerned? Would it ruin your company’s reputation? Are you likely to be seriously affected if a competitor sees your intellectual property? If the answer to any of these is yes, you should be seriously considering updating your DLP strategy, or implementing one if you don’t have it already. 

75% of all mobile apps fail a basic security test

Regardless of whether you supply employees with a company mobile or if you have a Bring Your Own Device policy, your employees will install apps on their phone. This is both an internal and an external threat. The employee installs an app on their phone that does not have sufficient security – an internal threat. The levels of encryption that you have put in place can now be breached – an external threat. A good DLP strategy will see that you have buy-in with your employees to ensure that they know the risk of what they are downloading and outline necessary steps and criteria to follow.

Cyber crime damage costs to hit $6 trillion annually by 2021

And cyber crime is reportedly the fastest growing crime in the United States. While this refers to all cyber crime, not just internal data loss, it still sits as an astounding figure. Data Loss Protection strategies work hand in hand with additional cyber security measures. Many of the precautions you take to protect against internal threats will also protect against external threats but it is essential that you address both so that your company does not contribute to this statistic.

Data loss protection is all about managing risk. You can’t eliminate it completely but it’s important to stay on top of where the trends and technology are moving to ensure that you have your company and its sensitive data covered. These facts will hopefully make you see the huge global impact of data loss and the effect that a well-communicated DLP strategy can have.

How To Know When It’s Time To Upgrade Your Data Loss Prevention Strategy

Tactics that involve prevention and protection always need constant upgrading, changing and reworking. As technology changes and people find new workarounds, so too do you need to continue finding new ways to upgrade your data loss prevention strategy. Obviously, this can be quite time-consuming and costly, particularly for small to medium enterprises, so a sensible approach is to consider when and why you should be looking to improve your data loss prevention (DLP) strategy. This knowledge will allow you to prioritise your company’s resource effectively to help protect against any breaches.

Know the culprit

While much of the attention about data loss points to outside threats from cyber-attackers, it’s estimated that more than 40% of all data breaches occur internally. These can be intentional, but they can also be due to just a careless click of the mouse. Being aware of how your data could be lost is the first step to upgrading your strategy.

Assess your sensitive information

It’s not entirely realistic for a small or medium sized company to have a mammoth DLP strategy that protects all of the company’s information to a very high level. Nor do most companies want that as it often comes with an increased level of administration that would significantly decrease an employer’s output, were it to be applied to every file in the company.

So, assessing the files that your company has is crucial to know when to upgrade your DLP strategy. The easiest way to do this is to look at the worst-case scenario for each set of files that your company has. If someone were to accidentally send a file to the wrong person, or maliciously release it to the public, what would the ramifications be for your company, both financially and in terms of reputation?

Qualification

Then, qualify your data files into groups – high risk, medium risk and low risk. Most companies with internet security and data loss protection strategies will have all-encompassing security that includes all files, even those low risk. It’s the high risk and, to a lesser extent, the medium risk files that you need to have a strong DLP plan around.

It’s also worth being mindful of whether the strategy covers new files that are created. Is there a process that qualifies this data into the ‘risk buckets’ mentioned above? Your DLP strategy is only as good as how it’s being implemented. If you find that there are gaps when you go through the process yourself, it’s time to look at an upgrade.

Accepting technological change
It can be difficult for companies who have invested a great deal in a solution to look at making significant changes to it. Often there are stakeholders or other parties who may not realise the necessity in doing this and therefore the cause also has to be justified.

However, one of the biggest weaknesses of all DLP strategies is that they are reactive. They constantly have to be told what to look for – the kinds of encryptions and data formats, for instance. As we all know, technology is changing and progressing at an unprecedented rate. Because of this, those encryptions and formats are constantly changing and therefore an effective DLP strategy should be updated accordingly.

So, when? Well, the answer is constantly, but the good news is that there are plenty of affordable technology solutions that can fill the gaps in your DLP strategy, rather than completely reworking the entire thing – an unnecessary exercise. Tools such as classification software can help to combat the issue above and only serve to strengthen your DLP strategy in a cost-effective way.

Although it would be nice to have a set of rules in place to know exactly when to upgrade your DLP strategy, such a set of rules would be unrealistic and not flexible enough to take into account all of the changing variables. Instead, an approach that involves a full assessment, qualification and reworking is best when considering an upgrade.

Data Loss Statistics That Might Shock You Out of Complacency

We hear about data loss statistics in the news media from time to time when large breaches occur, often in big multi-national companies or government departments. It’s rare for the news media to report the smaller data breaches as they are less exciting, yet this is where much of America’s data loss is occurring. Internal breaches where employees either accidentally lose data, or do so with malicious intent, happen on a daily basis. These statistics are to help give you an idea of how engrained and widespread the problem is for companies of all sizes:

43% of data breaches are internal
This is an alarming statistic and an often overlooked one. A common misconception is that loss of data occurs mainly from malicious cyber-attackers. While external breaches still account for over half of all data breaches, and are certainly on the rise, internal data breaches are also increasing and account for almost half of all data breaches.

If we were to break that number down even further, half of these breaches were done by accident, and half were intentional on the part of the employees.

So, what does this mean for employers?
The problem is two-fold so it must be approached in the same way. Firstly, a process-driven approach can significantly lessen the number of breaches that occur by accident. A good data loss protection strategy that is effectively communicated to employees will help to protect companies, regardless of their size.

Secondly, it’s important for employers to consider if there are any environmental factors that may cause an employee to release data intentionally. If there is a high incentive for them to release specific information, such as financial reward or other gain, look at how well that data is protected and whether it can be accessed only by employees who need to.

Also look at your company culture and assess whether there is any emotional incentive. Disgruntled employees who perceive, rightly or wrongly, that they have not been well looked after, are often overlooked for the high risk that they present to companies. Sometimes, there’s absolutely nothing an employer can do to stop their employee feeling a certain way, hence the importance of a good data loss protection strategy. However, in many cases, these employees would present no risk at all if companies had sufficient processes and schemes in place that made the employee feel valued.

60-70% of all data breaches can warrant public disclosure
This statistic is the most harmful to the reputation of your company. It comes from an Intel study done in 2015 and is even more relevant now as internal data breaches are on the rise. Broken down, the study found that, specifically, 70% of incidents in smaller commercial organisations, SMEs or SMBs, warranted either public disclosure or had a negative financial impact.

So often, the focus around data breach is on infiltration, or attack from the outside and how to prevent it. However, as studies have shown, many breaches actually come from the inside of small to medium businesses. It’s important for employers and small business owners to take notice of these statistics and consider how they could affect their own companies. Our advice is to be mindful of the data that is in your company’s possession and look at ways to prevent it from being released internally through good company culture and an effective data loss protection strategy.