Nowadays, users are becoming more conscious of how they work with data. As more and more documents are converted into digital format, companies are coming to the conclusion that the information stored on computers is worth much more than the computers themselves. At the same time, it should be noted that the situation varies from sector to sector.
What’s Going On?
For example, data storage is in much better shape in sectors strictly monitored by external regulators (such as banking): employees understand the value of the data they process, and the tools required for data protection, storage and transfer are in place. Although the situation in this sector is close to exemplary, it’s easy to obtain information about borrowers of the biggest banks on the dark web. This, in turn, means that there are still lots of security holes, even in the banking business.
However, there are sectors where a data-handling culture hasn’t developed yet. It’s a bitter irony that these are the sectors that accumulate the largest volumes of crucial information: medicine, hospitality, state structures. Hotels and hostels constantly supply illicit markets with scans of their clients’ passports. Passport data safety is a case in point that concerns everyone. All of us are regularly asked to provide a scan of our document, but nobody knows how these scans are used afterwards.
The situation with data in healthcare is even more critical. For example, according to Verizon, more than half of the data leaks that occurred in healthcare in 2017 were the fault of employees of the affected organizations.
It seems that waiting until the last moment is typical behavior for any person; it’s probably just part of human nature. Nevertheless, relying on luck may be considered a real crime in some sectors. For instance, this applies to companies and organizations that accumulate, store and process super-sensitive data. It also applies to hazardous industries. To regulate operations with data in such organizations, the GDPR (General Data Protection Regulation) was implemented.
Everyone is aware that incidents involving data happen every day. For instance, hacking is considered to be one of the most important challenges of today. That’s undoubtedly true, but at the same time there is one more crucial aspect of data-related incidents. We should all keep in mind that employees are, in fact, the main cause of information security incidents within an organization. Even though many data-related incidents happen by accident, we should admit that an employee is usually the author of a data leak. What’s more, it’s always easier for an intruder to find an accomplice within the company or organization than to hack security software.
At the same time, it’s obvious that there is no single effective method for combating the human factor. The reason lies in the motives behind people’s actions: some people accidentally make mistakes that lead to data leaks and related incidents, while others do so deliberately.
What To Do
That’s why, whenever we give recommendations to our clients, we always suggest a combination of methods:
- First of all, it’s important to create and develop an information-handling culture. Employers should explain to employees that devices, software and information are the company’s basic assets. Failing to understand this may sometimes lead to an irresponsible attitude towards these assets. It’s crucial for employers to show employees that a responsible and serious attitude to information is a priority for the company. Staff should clearly understand that the employer is responsible to both clients and employees, and that it’s important for each staff member to obey all the regulations and actively take part in the further development of the company. If this policy is implemented, there is a high probability that staff will become more attentive, which, in turn, leads to a decrease in the number of incidents caused by inattentiveness.
- Continuous education and training. According to global statistics, phishing is the most popular method of attack. About 27% of users are affected by phishing attacks. Hackers constantly improve their skills, attacks become more and more sophisticated, and phishing emails and websites look more and more like legitimate ones. That’s why it’s crucial for each employer to help employees stay up to date on information security. Regular training sessions may be one of the key measures: they let employees deal with new risks successfully on their own, while the employer can be sure of the employees’ level of competency in information security.
- An appropriate level of data protection should be ensured. This can be achieved by using specific high-quality information security software. More and more people conclude that antivirus programs, Windows administrative tools and employee productivity monitoring programs are not enough. They understand that using firewalls, proxies, IDS/IPS, DLP and SIEM systems is extremely important in the current circumstances and will soon be even more crucial.
- Appeal to responsibility. Documenting each employee’s responsibility in writing is a major step in developing an information security culture in the company. At the same time, people should also understand the consequences of their ignorance.
Data protection is one of the most crucial tasks for any company, state structure, healthcare organization, etc. in any country. Ensuring safety is, of course, a complicated and complex issue, but the joint teamwork of continuously trained and well-informed employees and managers, supported by high-quality, up-to-date protective software, can reduce risks significantly.