July 23, 2019

Data Protection in your Organization: How to Prevent Insider Threats

Recent news events, coupled with Shred-its 2019 Data Protection Report (DPR), confirm that an organization’s biggest threat to its reputation and data protection practices comes from inside – not outside - an organization. That’s right, employees are an organization’s biggest threat to the security of its confidential information.

The possibility of a disgruntled employee leaking confidential records or information to media is a reality in today’s workplace, and in those cases, it is difficult for a business to recover. Below is a short re-cap of some of the key 2019 DPR findings and tips on what you can do to prevent a data breach from occurring in your organization. 

The 2019 Shred-it Data Protection Report (DPR) found that while employers trust their employees completely, human error is often the main cause of a data breach. 
  • 52% of C-Suits report human error/accidental loss by an employee/insider to be the main cause of a data breach;
  • 40% of SBOs report human error/accidental loss by an employee/insider to be the main cause of a data breach.
Interestingly, while we all know that a data breach can have a huge impact on a business’s bottom line, the study found that Canadian businesses are in denial about the serious impact a data breach can have on their reputation and business. 
  • 47% of C-Suite respondents support the statement that data breaches are not a big deal and are blown out of proportion. 
While businesses admit that one breach can have a huge impact on their business, C-Suites believe that data breaches are in fact “no big deal.”

With this in mind, Shred-it wants to arm business leaders with three tips on how employees can keep information security top of mind: 

1. Provide employee training throughout the year. Human resource departments often provide employees with information security training at the start of their employment. However, these best practices are often neglected once work picks up and deadlines start to approach. One solution is to have employee “lunch and learns” where data protection tips and refreshers are presented on more than one occasion. 

2. Create a culture of information security. Shred-it recommends that organizations implement a corporate culture of data protection from the top down. What this means is that all employees, regardless of seniority, need to incorporate daily information security habits into their routine. This can include cleaning ones desk before they leave work at the end of the day and putting any electronic devices and paper files into a locked console for additional security measures.

3. Implement Data Protection Office Policies. An additional method to ensure employees aren’t negligent in their data protection practices, is to implement office policies that make it easy for employees to follow. We often recommend implementing a Shred-it All policy where individuals do not need to discern between confidential and non-confidential documents, and instead, requires employees to place all documents into a locked console for shredding.  Another easy policy to incorporate is a Clean Desk Policy that asks employees to clear their desk of any document or device. 

By eliminating human error from the equation and paying greater attention to how employees approach data protection, organizations will be better protected from the risk of a data breach from occurring. To access more resources and best practices, visit www.shredit.com.