As I was reading Ponemon Institute’s most recent report on data protection and information security, “Closing Security Gaps to Protect Corporate Data,” I was struck by the study’s most significant finding: 3 out of 4 companies have experienced loss or theft of important data. Three out of four?! That means that at recent meetings I’ve attended with other CEOs and corporate leaders that almost everyone has faced this significant challenge to their business and reputation! And that’s companies of all sizes, not just the big guys you hear about in the news. How did we get to a place where data insecurity is the norm?
To start, the pace of business today requires information to flow quickly and efficiently to those who need it to do their jobs; we need the data now! This critical flow of data is expedited by the rise of cloud collaboration apps like Office 365 and Google Apps. Now Jim in Finance in Boston can access key customer purchase data from Susan in Operations in Chicago, and Diane and George in Patient Accounts can work together on a report that shows a correlation between account delinquencies and insurance providers. In fact, Ponemon found that 88% of end users say their jobs require them to access and use proprietary information. If everyone’s doing it, it must be ok, right? What could possibly go wrong?
Well, we all know the answer to that. Now that the data is so easily accessible, it’s also easily abused. And usually not with malicious intent. In fact, Ponemon found that it’s more than twice as likely to be due to innocent employee behavior than a crafty cybercriminal. A simple user error, like uploading a sensitive file to the wrong folder in Dropbox, can result in the accidental disclosure of client data, trade secrets, and even health records. So aside from removing all access to the cloud or firing all employees, what can you do to protect your company?