While most insider data breaches are the result of user error rather than malicious intent, a data leak caused by a misaddressed email can have the same costly, negative impact as an employee stealing intellectual property.
If employees are not familiar with correct policies and procedures when it comes to handling corporate information, and there are no systems in place to train, inform, and remind them of these policies, there is more of a tendency for them to engage in risky information handling. You can install technologies to prevent users from undertaking certain activities, but if they don’t understand the value of the data they are working with, they are likely to see the technology as an impediment to getting work done, and actively seek methods to get around security.
How can you ensure that your employees are working for you rather than against you when it comes to protecting sensitive information, and in turn mitigate these accidental insider breaches? Here are five quick tips:
- Actively engage end users to identify sensitive content in email and documents, rather than relying solely on automated content scanners.
- Educate users by enforcing corporate policy and providing instant feedback within the application they are working in so that users receive targeted, interactive education that does not disrupt their workflow.
- Enable users to self-remediate policy violations through options such as editing the content, redacting sensitive sections, and removing unauthorized recipients.
- Raise awareness by applying visual markings to email and documents so that internal and external recipients know how to handle the information.
- Enhance DLP and other endpoint and network security solutions by adding metadata tags to email and documents to enable these solutions to make better policy decisions.
Want to learn more? On Wednesday, October 21 at 11:15am, I will be presenting the session, Your Information Security is as Strong as Your Weakest Link – Tackling Insider Threats, at GTEC 2015 in Ottawa. Hope to see you there!