⚡ Get All Content for 20% Off ⚡

Be Sure to Look Around the Office When Searching for Gaps in Your Data Security High profile data breaches reported in the media rarely point to the significant threats from employees, either disgruntled or negligent.

By Robert Siciliano

entrepreneur daily

Opinions expressed by Entrepreneur contributors are their own.

What's inside your own company may hurt you. Recent research reveals that internal security breaches, including accidental ones by careless employees, are dangerous and rampant.

Your business's greatest cyber threat could be festering right inside your offices. A recent report by Forrester Research, called "Understand the State of Data Security and Privacy," shows that one-fourth of survey respondents said that a malicious employee was the most common means to a data breach within the past year. However, respondents noted that 36 percent of data breaches resulted from employee errors.

Related: 10 Data-Security Measures You Can't Do Without

A report from MeriTalk found that 49 percent of compromises occur when workers bypass security measures, e.g., downloading e-mail files. This report focused on the federal government. If the feds can't protect themselves, how the heck can small businesses?

Businesses are spending more and more resources on protection, such as antivirus software, anti-phishing software and firewalls, plus teaching employees security awareness but the problems are crooked insiders and careless employees.

The MeriTalk report also reveals that 66 percent of respondents see security as time consuming and restrictive, while 60 percent believe their work takes longer due to additional cyber security tactics. Another 20 percent say they can't complete their work due to security measures and 31 percent skirt around security measures at least once per week.

The Forrester study reveals that 36 percent of data breaches come from accidental misuse of data by workers. Only 42 percent of respondents received security training and 57 percent weren't even aware of their company's current security protocols. One in four reported a breach was caused by malicious inside activity.

What should be done? To start, focus on workers with access to sensitive data, such as employees in human resources, accounting, legal, administration and personnel but also company officers and contractors. Businesses need to work with all the key departments to identify vulnerabilities and devise security tactics that don't obstruct productivity. Determine the level of risk for various kinds of data and set protections accordingly.

Related: 5 Ways to Avoid a Costly Data Security Breach

Following that, conduct a cost/benefit analysis. Review the different technologies that can be incorporated with the company's existing systems. This includes data loss prevention technologies and internal system status monitoring. The goal is to limit who has access to what kind of data. Determine why an individual needs the data.

Companies also need to examine their weaknesses from an outside-attack perspective. System-wide encryption should be implemented, as well as tools that report alerts and events. Access controls should be inspected and put in place, along with password management and multi-factor authentication.

Device recognition is crucial. There must also be disposal for e-data, paper data and discarded devices.

Transparency is also important. The more transparent that a business's network security and security policies are, the more effective and clear each department will be communicating their requirements, needs and differences.

Don't be let efforts to combat outside cybercriminals blind you to internal threats. Attention on one should not diffuse attention on the other.

Related: A Lack of Communication on Cyber Security Will Cost Your Business Big (Infographic)

Robert Siciliano

Personal Security, Privacy and Identity Theft Expert

Robert Siciliano, CEO of IDTheftSecurity.com, is committed to informing, educating and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Side Hustle

The Remote Side Hustle a 43-Year-Old Musician Works on for 1 Hour a Day Earns Nearly $3,000 a Month: 'All From the Comfort of Home'

Sam Ziegler wanted to supplement his income as a professional drummer — then his tech skills and desire to help people came together.

Business News

Costco CFO Reveals Uncertain Fate of $1.50 Hot Dog and Soda Combo

CFO Richard Galanti reveals that the price will stay the same — but only "for a while."

Business News

The Most Unexpectedly Popular Side Hustle of the Decade Has Low Startup Costs and High Markups

A new report shows that vending machines are a popular investment — and the industry is set to grow up to $3 billion by 2031.

Marketing

Ever Wonder Why Certain Websites Rank Higher Than Yours? This SEO Expert Reveals The Secret to Dominating Search Results

It's often the smart use of SEO, now supercharged with AI, particularly in keyword optimization.

Business News

AI Is Impacting Jobs. Here Are the Gigs Affected the Most, According to an Analysis of 5 Million Upwork Postings

The researcher said in the report that freelance jobs were analyzed first because that market will likely see AI's immediate impact.

Leadership

Former Interrogator Shares 5 Behaviors Liars Exhibit and How to Handle Them

Five deceptive behaviors to look for and how to respond to those behaviors when you encounter them.