Data theft is commonplace in today's cloud era. Breaches keep happening despite the so-called precautions in place, and that cannot be denied. Organizations need to be constantly vigilant: any laxity on their part can lead to a breach so stealthy that they have no time to comprehend its magnitude, let alone put countermeasures in place. Sometimes the primary cause of such a breach is found not outside the firm but inside it, right in front of the organization: its own employees.
Employees have a high level of physical and digital access to confidential information and, whether unintentionally or deliberately, they have the power to inflict serious damage on the company. Negligent and vulnerable employees account for 53% of data security breaches, while malicious insiders add up to only 25%, as per the IBM X-Force Threat Intelligence Index. Apart from training new employees in how to access sensitive data, companies are advised to deal with disgruntled employees as well, because of the risk of data being breached through ill intent.
It is well worth keeping an eye on employees who have had virulent disagreements with management or with company policies. Discontent is also sparked during evaluations by a poor assessment. Companies may see a spike in sensitive data access just before employees quit and move to other employers. Watch out for employees who suddenly start working late in the office when the rest have gone home. When an employee has an unexpected change in their financial situation, it has to be investigated whether the cause is the sale of sensitive data to earn some extra money. Such suspicious matters have to be reported to management promptly so that appropriate action can be taken.
When data protection is lax, long-term employees are already aware of the system's vulnerabilities, and given their association with the company it takes them no time to access sensitive data. Without properly implemented Data Loss Prevention (DLP) tools, employees can copy files onto their own devices, or send sensitive information from the on-premises system to a personal email account or through popular file-sharing platforms such as Google Drive or Dropbox. All of this can be done easily, without the organization being able to track who forwarded or received the data.
Effective DLP solutions enforced through company policies can help prevent data theft by employees. They block predefined sensitive data sets from being transferred or downloaded, based on name, type, content or compliance profiles, which is an effective step towards complying with regulatory standards like HIPAA, GLBA, GDPR, PCI etc. DLP solutions can also be run on each employee's devices to check for the presence of sensitive data, and the data thus found can be deleted. In addition, Mobile Device Management (MDM) techniques and the blocking of camera, Bluetooth and WiFi options on BYOD devices on company premises can be used to reduce data breach scenarios.
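The name, type and content checks described above can be sketched as follows. This is an added example, not code from any DLP product; the filename patterns, blocked extensions and the PCI-style card-number rule are constructed assumptions.

```python
import re
from fnmatch import fnmatch

# Constructed policy: these patterns and extensions are illustrative assumptions.
NAME_PATTERNS = ["*payroll*", "*customer_export*"]
BLOCKED_TYPES = {".pst", ".sql", ".bak"}
# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def has_card_number(text: str) -> bool:
    """Content rule: a digit run that is card-length and passes Luhn."""
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return True
    return False


def evaluate_transfer(filename: str, content: str) -> list[str]:
    """Return the rules an outbound transfer violates (empty list = allow)."""
    name = filename.lower()
    reasons = []
    if any(fnmatch(name, p) for p in NAME_PATTERNS):
        reasons.append("name")
    if any(name.endswith(ext) for ext in BLOCKED_TYPES):
        reasons.append("type")
    if has_card_number(content):
        reasons.append("content:PCI")
    return reasons


if __name__ == "__main__":
    # Constructed sample: 4111... is a widely used test card number.
    print(evaluate_transfer("dump.sql", "card 4111-1111-1111-1111"))
```

The Luhn check is what keeps the content rule from blocking every 16-digit order or ticket number.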
Data can be secured in a digital environment, but it is hard to account for the environment outside it. Remote working is one more situation in which there is a risk of the company's data being shared across the employee's physical devices. Unlawful appropriation of devices and the sharing of passwords, encryption keys and laptops with third parties in an uncontrolled, out-of-office environment are all factors in data breach scenarios. Here a Cloud Access Security Broker (CASB) approach definitely works for cloud security against unauthorized data access across hostile, uncontrolled environments.
Effective data security policies, such as the implementation of DLP solutions in the form of CASB tools, together with effective employee training and management to improve awareness about access to sensitive data, help ward off the risk of data breaches. Outside threats and employee negligence can be guarded against, but when malice comes in the guise of a trusted employee within your own company, it is hard to predict and harder still to avoid. So it is necessary that companies do not neglect human emotions in a company full of digital systems.