Data safety is serious business, and several surveys published this year have shown that the biggest risk to data safety is your employees.
The notion that your employees hold your business’s security in their hands is a scary one. Fortunately, the surveys have also suggested that it is usually out of ignorance, rather than maliciousness, that employees compromise data.
This means that employees just need some training and motivation to implement proper data security measures. Below are several steps business leaders can take to encourage their employees to make data safety a critical part of their roles within the company.
Run a security audit to see where the weak links are
This first, essential step helps you clearly identify the weak areas in your data security. Of course, most of the weak areas will have something to do with your employees. A study by Osterman Research found that 58% of respondents said malware was unknowingly downloaded by workers browsing the Internet, and 56% blamed the malware and phishing found on workers’ personal e-mail accounts for data security breaches.
You cannot assume this is an issue with lower-level employees alone, however. The Stroz Friedberg survey found that 58% of senior managers admitted sending sensitive information to the wrong person. Only a quarter of all lower-level employees did the same. Similarly, 51% of upper management employees said they took files with them after they left a job, compared with 25% of workers overall.
Put security measures in place that address these weak links
Clearly, security processes and technology must be put in place to ensure data is protected. According to the SecureData survey, 50% of respondents felt that a holistic approach to security was key to meeting security challenges.
This holistic approach should involve employees at all levels, and it should work across all departments. Among other processes, every device each employee uses should be protected with multiple security features, including strong passwords which are changed regularly and asset tags like the ones from TechTagger. Each device should also have several layers of security technology, including antivirus programs such as Norton AntiVirus and anti-spyware apps such as Malwarebytes Anti-Malware and the Comodo Internet Security suite.
Train all employees, so they know the processes
According to the Stroz Friedberg survey, only 37% of employees received training in mobile device security, and only 42% received training in information sharing. It is clear, then, that training across all employees is seriously lacking in most companies.
Despite this obvious need for training, many companies continue to fail in this critical area. A quarter of respondents to the SecureData survey said their company had a problem implementing a clear security management policy, and another 40% felt that the key to improving security lay in educating employees.
Extend the processes to include personal devices
Employees engage in professional tasks across a range of devices, both company-owned and personal. This opens up a whole other area of security risk, as personal devices don’t always have the same level of protection as professional ones.
That is probably why 75% of respondents to a recent Ponemon Institute survey felt mobile devices were the biggest source of security risks. Despite this, 46% said they hadn’t taken any action to protect these devices.
It is clear, then, that the security measures placed on company-provided devices must be extended to personal devices used for company business. These devices must also include the passwords, asset tags, programs and apps that protect every other device used in your company.
At the end of the day, it is down to each business owner or CEO to lead the charge when it comes to data safety. If you make it clear that data security is a priority for the business and ensure it is engrained in the company culture, it will become a priority for employees. With that, the weakest link in most companies’ data security chain will become the strongest for your company.
Britt Klontz is a digital content strategist at Distilled, an online marketing company. Say “hi” and give her a shout @Britt_Klontz, she’s always up for having a conversation about digital marketing tactics and social networking in general.