Insider threat: Employees at the heart of companies' data security

 

 

The business impact of data breaches is spiralling. The average cost of a UK company's information loss reached a record high of £2.53 million last year. What's more, for the first time a report has claimed to be able to measure the impact cyber-breaches have on companies' share prices: on average, a company's value permanently drops by 1.8 percent following a major breach (*). However, whilst businesses concern themselves with the damage hackers or outside malicious attackers could cause, another issue to consider is the rise of remote working and how employees treat company data when not in an office environment.

 

It is well known that the traditional workplace is no more. Flexible work options are becoming the new norm. Maintel's recent study found 65 per cent of respondents are now confident requesting to work remotely and 60 per cent believe technology can replace human interaction in the office. However, working remotely raises the risk of critical data being misplaced by well-meaning employees. Two thirds (66 per cent) of workers do not worry about the safety of company data when working remotely. Does this imply sensitive information is unlikely to be protected properly? How do companies find the right balance between adapting to agile work practices and keeping company data safe?

 

To prevent the insider threat and protect data, companies have a responsibility to educate their employees and provide secure methods to communicate and share confidential information outside of the office. There is a wider need to help staff appreciate the damage that seemingly innocent activity, like logging on to emails on a personal device, could do. IT and HR teams should work together to hold an interactive training series, demonstrating, for example, how hackers could exploit one compromised email account to access the company's entire ecosystem. These sessions should be reinforced with clear compliance guidelines for staff to follow.

 

Organisations must also give employees the tools to keep data safe in the first place and take as much of the process for security management out of their hands as possible. To do so, companies should put in place an overarching solution to protect data accessed at every location. Protection mechanisms should now go beyond traditional firewalls and focus on the end-user's devices. A cloud and software-based solution is ideal for this, pushing programmes onto any given device and ensuring updates are automatic. Deploying inline security that inspects end-user traffic across multiple security techniques and containerised tools will also mean employees have a secure way to keep in touch with colleagues via their own devices on the move. Such an approach will mean firms can be assured that their data is secure without causing too much disruption to productivity.

 

Moving into the future, and with increasing numbers of people working remotely, analytics software will also play a large role in keeping data safe. Through collecting and analysing data, firms can provide a cyber-threat assessment and identify where an attack has originated, or work out if a specific device is malicious or not part of the authorised network before it gains access. By being able to ensure all devices on the network are authenticated and safe, working remotely will become much more data-protection friendly.

 

Being able to dynamically compute the risk of every object online, covering both users and their devices, is key for IT leaders to be comfortable while enabling secure flexible working. And providing accurate analysis and appropriate communication of security metrics to the board of directors is a critical component of the cyber-risk reduction process for IT and security executives.

 

Whilst employees can be complacent about data security, business leaders cannot afford to be. Firms need to evaluate their security procedures around flexible working now, before it leads to a damaging data breach which hits the company's bottom line. Putting processes in place will not only protect the company, but also enable firms to continue to evolve their flexible work policies in support of today's changing workforce.

 

(*) https://www.cgi-group.co.uk/white-paper/the-cyber-value-connection

 

Contributed by Jean-Frederic Karcher, Head of Security at Maintel

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.*