Get All Access for $5/mo

Be Sure to Look Around the Office When Searching for Gaps in Your Data Security High profile data breaches reported in the media rarely point to the significant threats from employees, either disgruntled or negligent.

By Robert Siciliano Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

What's inside your own company may hurt you. Recent research reveals that internal security breaches, including accidental ones by careless employees, are dangerous and rampant.

Your business's greatest cyber threat could be festering right inside your offices. A recent report by Forrester Research, called "Understand the State of Data Security and Privacy," shows that one-fourth of survey respondents said that a malicious employee was the most common means to a data breach within the past year. However, respondents noted that 36 percent of data breaches resulted from employee errors.

Related: 10 Data-Security Measures You Can't Do Without

A report from MeriTalk found that 49 percent of compromises occur when workers bypass security measures, e.g., downloading e-mail files. This report focused on the federal government. If the feds can't protect themselves, how the heck can small businesses?

Businesses are spending more and more resources on protection, such as antivirus software, anti-phishing software and firewalls, plus teaching employees security awareness but the problems are crooked insiders and careless employees.

The MeriTalk report also reveals that 66 percent of respondents see security as time consuming and restrictive, while 60 percent believe their work takes longer due to additional cyber security tactics. Another 20 percent say they can't complete their work due to security measures and 31 percent skirt around security measures at least once per week.

The Forrester study reveals that 36 percent of data breaches come from accidental misuse of data by workers. Only 42 percent of respondents received security training and 57 percent weren't even aware of their company's current security protocols. One in four reported a breach was caused by malicious inside activity.

What should be done? To start, focus on workers with access to sensitive data, such as employees in human resources, accounting, legal, administration and personnel but also company officers and contractors. Businesses need to work with all the key departments to identify vulnerabilities and devise security tactics that don't obstruct productivity. Determine the level of risk for various kinds of data and set protections accordingly.

Related: 5 Ways to Avoid a Costly Data Security Breach

Following that, conduct a cost/benefit analysis. Review the different technologies that can be incorporated with the company's existing systems. This includes data loss prevention technologies and internal system status monitoring. The goal is to limit who has access to what kind of data. Determine why an individual needs the data.

Companies also need to examine their weaknesses from an outside-attack perspective. System-wide encryption should be implemented, as well as tools that report alerts and events. Access controls should be inspected and put in place, along with password management and multi-factor authentication.

Device recognition is crucial. There must also be disposal for e-data, paper data and discarded devices.

Transparency is also important. The more transparent that a business's network security and security policies are, the more effective and clear each department will be communicating their requirements, needs and differences.

Don't be let efforts to combat outside cybercriminals blind you to internal threats. Attention on one should not diffuse attention on the other.

Related: A Lack of Communication on Cyber Security Will Cost Your Business Big (Infographic)

Robert Siciliano

Personal Security, Privacy and Identity Theft Expert

Robert Siciliano, CEO of IDTheftSecurity.com, is committed to informing, educating and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Leadership

7 Telltale Signs of a Weak Leader

Whether a bully or a people pleaser who can't tell hard truths, poor leadership takes many forms.

Business Solutions

Still Paying for Adobe Acrobat? Try This Instead.

Everything you need in a PDF editor—minus the subscription.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Franchise

How Franchising Can Alleviate Entrepreneurial Imposter Syndrome

The franchise model can alleviate entrepreneurial imposter syndrome and provide an alternative path towards professional independence.

Side Hustle

At Age 15, He Used Facebook Marketplace to Start a Side Hustle — Then It Became Something Much Bigger: 'Raised Over $1.6 Million'

Dylan Zajac, now a 21-year-old senior at Babson College, wanted to bridge the digital divide.