Taking on the inside threat

Taking on the inside threat

In the public eye, all data breaches are the result of a malicious team of hackers bent on overthrowing the Internet and free expression. Maybe a few of them are – but in all likelihood, there is a more common, somewhat less sinister cause of a significant portion of data loss.

Employees themselves are a weak point for a number of organizations. In a new study from Ponemon that surveyed 1,100 IT practitioners and 1,100 end users, a majority expressed their belief that staff negligence is often the cause of data loss, Forbes reported. Additionally, 49 percent of practitioners and 78 percent of employees said their organizations would be unable to assess what happened to lost data, files or email.

That's why companies should invest in a data center outfitted with biometric security in order to guard against employee-related risks, whether by negligence or intent. Biometric technology negates employee-caused data loss by only allowing security clearance to those with proper credentials. That means employees not trained to handle sensitive information and employees trusted not to cause a breach will be the ones with access.

Additionally, there are platforms available to ensure that even those staff members with security clearance would be hard-pressed to be the root of a data breach. One such system makes use of two separate, simultaneous biometric access control points to achieve access. In other words, two individuals with equal access would have to provide a fingerprint at the same time, making it much harder for an individual to act alone.

How to eliminate the low-tech threats
After moving important data to a biometrics-enabled data center, companies also must make sure that the office is safe from data theft. With the rise of BYOD and mobile technology, more and more data is exchanged and accessed in a routine day at work. It doesn't even take an expert hacker to pilfer data at work, according to CSO Online.

Some devious workers can use mobile devices to snap pictures of company passwords and employee information in order to gain access to restricted information. Companies should combat this by taking care not to leave company passwords where anyone can see them and tell their employees to be wary of what information they make available.

Others might pose as IT workers to convince staff to reveal passwords or email addresses and penetrate a company's database. An organization's best defense against these thieves is to raise awareness and always require proper credentials from visitors – especially those who ask for sensitive information.

Posted by

Comments are closed.