May 22, 2018

How Secure is Workplace Data? 7 Common Areas of Risk

Despite years of headline stories about security leaks and data breaches, many workplaces are still vulnerable to information thieves.  

Research shows there is a 1 in 4 chance of a data breach, and it also shows that there are common areas of risk in the workplace that need to be addressed.

That’s important because the average cost of a data breach in the United States is $225 per compromised record, according to the 2017 Cost of Data Breach Study by Ponemon.

7 Common Data Breach Risks and How to Avoid Them

Lack of Cyber Security Policies and Procedures

Almost half of the companies in 2018 Clutch research still do not have cyber security policies. But 71% of employees at companies with cyber security policies feel better prepared to address security threats.

Solution: Assess security risks in the workplace, and integrate information security policies and procedures that will help.

Employee Negligence

The 2018 X-Force Threat Intelligence Index concluded that employees who cause security incidents by accident (sharing passwords, leaving confidential data unattended, etc.) accounted for two-thirds of all the records that were comprised in 2017.

Solution: Provide on-going security awareness training so employees commit to security-driven habits. Implement a Shred-it All Policy and Clean Desk Policy too, to embed security habits into workplace processes.  

Lack of Third Party Security

Businesses often share confidential information with third-party vendors. But at least 56% of respondents experienced a third party data breach, according to the Ponemon 2017 Third Party Data Risk Study.

Solutions: Vet third parties to make sure they have comprehensive data security in place.

Insider Attacks

The Insider Threat 2018 Report showed that 90% of organizations feel vulnerable to insider attacks. Privileged users who abuse their role and fraudulently transfer money or steal clients’ personal information for identity theft cause the most problems.

Solutions: Use Data Loss Prevention (DLP), encryption, and identify and access management solutions. Many organizations monitor users in some way too.

Online Scams and Fraud

Phishing, malware, and skimming were the primary methods of attack in 63% of data breaches in a 2017analysis of the U.S. data breach landscape by the Identity Theft Resource Centre. Phishing figured into 47.7% of hacking-based attacks.

Solutions: Stay up-to-date on online scams. Use training to show employees what phishing emails look like. Have a process –including rewards – for reporting suspicious emails too.

Digitization in Business

Digitization of the workplace such as linking Internet of Things (IoT) devices such as phones, cars, and computers has created a larger attack surface for information thieves. A 2017 survey showed that 48% of firms have experienced at least one IoT security breach. 

Solutions: Encrypt all devices, and create a security policy for IoT device use. Assess security features when purchasing smart devices.

Obsolete Technology

Upgrading technology, systems, and software often results in stockpiling or improper disposal of legacy equipment, according to the 2017 State of the Industry Report.

Solutions: Make secure data destruction a key component of information security. Partner with a professional shredding company for paper, hard drive and e-media destruction services. The company should provide secure chain of custody processes with a certificate of media destruction after each service.

Start Protecting Your Business

To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.