You continue to hear that your employees are your biggest risk when it comes to causing a data breach. Recent incidents that we have been involved in that were caused by employee error include:
- lost or stolen unencrypted laptops, phones or removable media;
- downloading sensitive information onto thumb drives or USB drives and losing them;
- clicking on malicious links or infected attachments and introducing malware or ransomware into the system; or
- misdirecting an unencrypted email containing personal information.
The sad thing about these incidents is that they were all completely preventable. Protecting your company from your employees is an odd concept, but essential in the context of data security.
Some protections include:
- implement security measures so employees can’t download information onto unencrypted laptops or thumb drives;
- prohibit thumb drives other than company-issued, encrypted ones from being connected to your systems;
- educate employees to detect and report phishing and spear phishing schemes, test them with internal phishing drills and re-train employees when they fail;
- require the transmission of sensitive data with encryption;
- implement procedures for employees to use the phone or face-to-face contact to confirm odd email requests for financial information, benefit information or wire transfers;
- implement multi-factor authentication and strong password procedures;
- educate employees to slow down, take their time and verify the intended recipient before sending an email; and
- educate, educate, educate and engage your employees on data security so they can become the company’s stewards of data.
These basic data security measures may have protected the companies that suffered the incidents above from mistakes made by their own employees.