Higher-Ups More Likely to Break Policy, Data Breach Survey Finds

Kayla Matthews

Data Protection Policies

In an ideal scenario, the people at the highest levels of an organization would be the most likely to abide by data protection policies. Then, their positive behavior could set an excellent example for everyone at the lower tiers of the company. 

Unfortunately, one survey revealed this isn’t the case most of the time. The results showed that 78% of directors intentionally shared data in ways that didn’t align with company policies. In contrast, the same was true for only 10% of clerical workers. 

What was the most likely situation when directors behaved this way? The research showed that 68% of them did so by taking information with them to new jobs. The overall average of people breaking policy was only 46%, illuminating that directors represent the group most likely to misuse data. 

Data Protection Tools Not Widely Used Yet

Cost insider threats infographic

An insider breach occurs when someone who works at a company is directly responsible for causing it. Recent research indicates that insider breach costs are on the rise. Findings pinpointed a 31% increase in insider breach costs, with the average expenses totaling $11.45 million. Therefore, it makes sense that enterprises would want to do anything possible to protect data. 

Numerous companies offer tools that aim to make breaches less likely or make information less usable to hackers who might seize it.  However, research suggests they are not at a point of widespread usage. Only 48% of respondents use email encryption, and 47% of those polled provide workers with secure collaboration tools. 

Some companies have no choice but to implement better breach prevention methods. The U.S. Department of Defense (DoD) recently introduced a framework that outlines various levels of cybersecurity maturity. All parties doing business with the DoD must meet the requirements within the first level. Regardless of whether a company receives contract work, it should prioritize cybersecurity before it’s too late, and representatives discover data breach evidence. 

An Employee Could Help Discover a Data Breach

Perhaps a positive finding is that 58% of respondents said they found out about insider breaches through workers. The study did not detail which methods companies use to facilitate such reports. 

However, employees speaking up is a good thing. In addition to implementing a data breach policy that expects employees to mention what they know, companies must make it straightforward for workers to share information. 

An Insider Data Breach May Not Happen on Purpose

Employees Digital

When many people think of insider breaches, images of disgruntled employees seeking revenge likely come to mind. However, these incidents often occur when outside parties successfully trick employees into giving up valuable or confidential information. In fact, 41% of employees said they caused a breach by responding to a phishing email. Unfortunately, the research said only half of companies polled use antivirus software to screen for such content. 

While phishing was the top cause of unintentional data breaches, sending emails to the wrong recipients was the next most likely culprit, cited by 31% of people. Some companies aim to address the problem with an “undo send” feature. Yet these aren’t perfect, especially if a person has to use that option within seconds.

People May Be Uncertain About Data Ownership

Another worrying finding spotlighted an apparent data ownership discrepancy. More specifically, 29% of employees admitted to intentionally sharing information in ways that did not align with their company’s policy in the past year. Then, as pointed out earlier, 46% of overall employees did so when moving to a new job. However, 26% said they took risks when sharing data due to lacking the proper security tools.

Takeaways to Inform a Data Breach Policy

What can and should IT professionals do given these findings? First, they must not assume that people at the highest levels of an organization do everything right to keep data safe. Also, it’s smart for them to invest in tools that can discover breach Vulnerabilities and allow remediation before problems crop up. 

Upcoming employee training sessions should teach workers how to avoid scams, and company executives should assess their budgets to consider if there is money available to invest in software that looks for phishing attempts.

A best practice is to have a data breach policy that tells workers what to do if they know of or suspect an insider data breach. The plan should also explain information ownership, including what happens if an employee leaves

Preventing an insider data breach is not easy. However, the cost and risk involved make it imperative. 

By Kayla Matthews

Episode 5: How the Pandemic is Changing Business and the Cloud

An Interview with Ed Dryer of Steadfast With the global pandemic wreaking havoc on business ...

Episode 2: Coronavirus Phishing Emails and Work-from-Home Meetings

Coronavirus Phishing Emails What to watch out for as scammers exploit pandemic panic, and tips ...

Episode 6: Cloud Migration: Why It’s More Important Than Ever

The Importance of Cloud Migration Moving fully to the cloud is still a concern for ...
Tunio Zafer

Questions To Ask Every Cloud Storage Provider

Cloud Storage Provider Questions As with many new technologies, attitudes toward cloud storage vary. Telephones were immobile; wearables perhaps unwarranted. And now, the global cloud ...
Ajay

Explainable Intelligence Part 2 – Illusion of the Free Will

Illusion of the Free Will Explainable Artificial Intelligence (XAI) is getting a lot of attention these days, and like most people, you're drawn to it because ...
Aarti Parikh

What are the Capabilities of the AWS Serverless Platform?

AWS Serverless Platform AWS serverless compute services allow to build and deploy applications on AWS cloud without having to manage the servers. AWS serverless platform ...
Signal Messenger: How to Successfully Resist Wiretapping Attempts

Signal Messenger: How to Successfully Resist Wiretapping Attempts

Successfully Resist Wiretapping Attempts Against the backdrop of events in the US, the popularity of the Signal secure messenger has grown sharply - from 6,000 ...
David Gevorkian

Why Web Accessibility is Important and How to Avoid Lawsuits

Why Web Accessibility is Important In today’s digitally driven world, those with disabilities are normally the ones experiencing difficulties when using and navigating the web ...
Eddie Segal

Kubernetes on AWS: Tips for Cloud-Native Development

Kubernetes AWS Tips Kubernetes is a container orchestration and management tool that automates container deployment. Kubernetes is mainly used in the cloud. A recent survey ...
Ian Hayes

Pick The Right AWS Course And Ensure A Brighter Future Ahead

Picking The Right AWS Course As the leader of the pack, AWS (Amazon Web Services) is the fastest-growing public cloud service in the industry, and ...
David Gevorkian

Website Accessibility: Compliancy, Laws and Best Practices

Key to Making Your Website Accessible The internet has changed the education sector in so many ways. With e-learning, more people around the globe are ...
Thomas Franklin

Future of Stock Markets : Raising Capital Through ICO is 10x cheaper and 20x easier

Future of Stock Markets: Raising Capital Through ICO How blockchain will replace the stock markets as we know them today. Welcome to the future. It’s ...
Ajay

Explainable Intelligence Part 1 – XAI, the third wave of AI

Explainable Intelligence Artificial Intelligence (AI) is democratized in our everyday life. Tractica forecasts the global artificial intelligence software market revenues will grow from around 9.5 billion US ...