IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Tue, 8th Jan 2013

When people talk about data breaches, the tendency is to think about cybercriminals and hackers trying to access networks to extract valuable information.

This is dangerous for two reasons. Firstly, it can lull organisations into a false sense of security.

“What could criminals possibly want with our data?” they ask. Or: “We don’t hold payment details – they wouldn’t target us.”

This in itself can lead to a general air of complacency around data security: “It’ll never happen to us.”

Secondly, research has shown that in reality the biggest risk to an organisation’s data lies somewhat closer to home.

Recent research from the Ponemon Institute showed that organisations cite “human factors” as the cause of 78% of all data breaches.

In other words, the greatest threat to an organisation’s data actually comes from its own staff.

This is not to say that your employees are deliberately trying to harm your organisation. Instead, the research shows that the vast majority of data breaches are caused by human beings being human – forgetful and careless.

So, the challenge is how to stop them.

Take charge of device management

Technology has an answer. The idea is to take responsibility away from the user as far as possible whilst maintaining a workable solution which enables staff to be productive.

Using a management console to enforce data security policy across an organisation prevents this problem.

Organisations are responsible for administering their own management systems, which can be used to monitor, set and enforce policies right down to individual users if required.

In addition, management software can also track and monitor what devices are allowed and what data is downloaded, and can be used to block the usage of unencrypted USBs.

This removes the chance of human error by automatically guaranteeing the use of an encrypted device.

Management consoles can also remotely wipe USB devices which are lost or stolen, monitor usage and even control precisely what data may be downloaded to portable memory devices, thereby adding extra layers of data protection.

Management technology takes the responsibility out of the hands of staff and ensures compliance by removing the chance of human error.

Enforcing data security policy via an automated, managed solution prevents data breaches, and in doing so protects both staff and data.

Encryption counters human error

The use of encryption effectively counters human error because it is relatively inexpensive, simple to administer and highly successful in preventing data breaches. If an encrypted device is lost or stolen, the data remains secure and a breach is avoided.

Encryption is also easy to use. Employees are sensitive to new policies which they feel will prevent them from doing their jobs properly or make them less efficient.

An encrypted memory stick can be used with the same ease as an unencrypted device, and provides peace of mind for staff and security for data.

Biometric devices are more expensive but are also more secure, and have the usual benefits that biometric security holds over passwords (a fingerprint can’t be forgotten, guessed or written down on a Post-it).

Make life easier, not harder

Employees are adept at finding workarounds for policies which make their lives harder, which they don’t agree with or which they see as unnecessary. If following the rules makes life harder, the result is a recipe for data breaches.

Education has to go hand-in-hand with technology. Staff need to understand their responsibilities around data security and how to use technology effectively in order to do their jobs without risking a data breach.

Technology in data security should be an enabler, which allows staff to do their jobs better and more safely.

Human beings will always make mistakes, so the onus is on organisations to ensure that they can mitigate this threat.

The good news is that technology support can prevent carelessness turning into a data breach.