October 27, 2015

Document Security Issues: Do Your Employees Do This?

“The user is the weakest link in the security chain,” pronounced a recent cloud cybersecurity report by CloudLock.  

You won’t get a lot of argument there.

The 2015 Data Breach Industry Forecast by Experian, for example, stated that “between human error and malicious insiders, time has shown us the majority of data breaches originate inside company walls.”

Data breaches carry a high price tag in dollars and in the loss of reputation and customer base. They cost companies $400 million from 700 million compromised records worldwide, according to the Verizon 2015 Data Breach Investigations Report.

How do employees increase the risk of an information security breach?

Irresponsible in the Cloud: The Q3 2015 Cloud Cybersecurity Report showed that in cloud environments, 75% of the security risk can be attributed to just 1% of users whether user behavior is unintentional or malicious.  

Understanding the composition of this 1% is important to office security. “Often times, this subset of users includes super-privileged users, software architects, as well as machine-based identities that grant access privileges and archive data.”

Using Apps: The CloudLock report showed that 1% of users represent 62% of all app installs in the cloud.

CloudLock said there are over 91,000 unique third-party applications in existence.

But research has shown that apps are often targeted by cybercriminals as entry points into an organization. Also, there are counterfeit or malicious apps that look legitimate but are not.

In the 2014 Insecure Mobile Devices report by Ponemon, 36% of respondents said their organization lets employees copy confidential data to public cloud-based applications. But 46% say they are not able to manage or control what is copied in the cloud; 11% are unsure.

Indiscriminate Use of Social Media: Hackers use “decades old” techniques such as phishing and hacking in order to access information.

Employees should be aware that criminals often use social media websites as sources for personal information that they then use in spear phishing in order to get more information and/or gain access to corporate environments.

Sharing Confidential Information with Third Parties: Almost 3/4 of cloud-based sharing occurs with personal, non-corporate domains such as Yahoo and Hotmail.

If your organization is connected to a third party supplier that is comprised, that compromise has a bridge right into your organization.

Use Personal Devices for Work: Almost half of respondents in the Ponemon study said mobile devices used in their organization do not have adequate security or control features. When there are controls, just over half (52%) say employees circumvent or disable required security settings.  

How to improve document security in your workplace?

  • Limit access to sensitive information;
  • Use security safeguards including passwords, anti-malware/anti-virus software, encryption and network security;
  • Make people your first line of defense with security policies and procedures and on-going security awareness training;
  • Implement a comprehensive mobile device policy that includes app controls;
  • Evaluate third-party suppliers to be sure they are committed to information security;
  • Only keep data on a need-to-know basis; otherwise have it securely destroyed.

Save time by outsourcing all of your document security needs.