The real threat of data breach comes from within an organization
Many companies install their server firewalls and anti-virus software and assume they have the issue of data security covered. While these measures protect against outside intrusion, they fail to target the biggest source of data tampering, as well as the most harmful.
According to research by computer consultant giant Gartner, company employees are usually the culprits of unauthorized access — 70% of the time. Perhaps more troubling, employee cases comprise 95% of the breaches that cause the company significant financial losses.
How can companies gain better internal security for their data?
A good place to start is to go paperless. Talk of “data” in the context of company leaks makes one think of only digital content, but actually 49% of the reported access violations involve paper files, according to a Ponemon survey. Paper files are particularly vulnerable to information breaches because it is difficult to know where a paper document has been, who has seen it, or for that matter, whether it is missing or just misplaced. Moving to an all-digital format at very least gives companies a platform on which to establish effective security controls.
The same Ponemon study makes a distinction between different modes of digital data. ‘Unstructured’ data — the files scattered among hard drives, laptops, and servers in standard Windows folders — constitute the low-hanging fruit for data violators. These unstructured files are not embedded in any kind of document management system to track their usage or control their access. A simple file management application can structure company documents into a centralized database system that logs an auditable history of users’ file operations for each document.
Structuring company files also makes password protection more practical. An administrator can make certain documents available only for certain managers (like the head of HR for personnel files) or for a whole department (engineering for CAD design files). Admin can also set up pre-set authorization rules for recurring documents, making sure protection is consistently applied to potentially sensitive material.
When managers have the ability to audit a trail of document usage and establish the rules of access into employees’ daily workflow, then a document management system itself becomes a deterrent to bad employee behavior. The temptation to steal or sabotage company data is countered by the threat of getting caught. To ensure internal data security, managers need to foster an atmosphere of accountability — backed up by real measures to prevent unauthorized access.