The year 2016 set records for data breaches, with a 40 percent increase from 2015, according to the Identity Theft Resource Center. High-profile victims included companies such as Wendy’s and organizations such as the Democratic National Committee. Those attacks compromised a staggering 4.2 billion records.
What’s at the heart of this growing problem? Where do the vulnerabilities that lead to these costly, devastating breaches originate? According to a recent data security survey by Ipswitch File Transfer, the answer is clear: employees. The ways in which employees are putting their companies at risk may vary, but the fact remains that they are the common denominator connected to lapses in information security.
BY THE NUMBERS: EMPLOYEES AS A DATA SECURITY LIABILITY
The primary way employees put your company at risk is by thwarting IT and sending sensitive information and files through unsecure messaging platforms that IT can’t audit. In doing so, they put the data assets from your business and your clients’ information at risk for exposure. Consider the following statistics from the Ipswitch survey:
- Eighty-four percent of employees send confidential information through unsecure channels. Without end-to-end encryption or encrypted attachments, this method poses risks to transmitting classified information. The survey further found that 72 percent of employees who admitted to sending information through unsecured channels said they did it at least once per week, while 52 percent said they did it at least once per day.
- Fifty percent of employees upload sensitive files to cloud services. Uploading confidential business information to services such as Dropbox or YouSendIt makes information vulnerable, both in the transmission to the cloud and the storage within the services themselves.
- Thirty percent of employees have lost USB drives that hold sensitive business information.
- More than half of IT managers do not have visibility into data and file transfers within their own companies.
IMPLICATIONS OF DATA SECURITY STUDY
The take-home points of the survey are as follows:
- If you want to maintain information security, start with your employees.
- The survey also makes clear that if you don’t give your employees a practical means to communicate securely in a way that IT can audit, employees will take matters into their own hands, such as by sending sensitive information as unencrypted attachments, personal email, or unencrypted messaging apps.
- Offer a simple, user-friendly platform that can also offer end-to-end encryption and monitoring capability for auditing and security purposes.
WHAT CAN HAPPEN WHEN COMMUNICATION PLATFORMS AREN’T SECURE?
Your employees decide to communicate by text message about work matters and occasionally include information about accounts, projections, contracts, or other sensitive material. That content is not secure when sent over traditional SMS (text messages) because they are not encrypted. Those messages can become intercepted, accessed by hackers on the employees’ phones themselves, or subpoenaed through the wireless carrier.
Another risk, even when employees use encrypted apps designed for consumers, is a lack of administrative control by your IT department. For example, you create a WhatsApp group for your employees to discuss pricing, sales projections, and other important business data. Then one of those employees leaves the company. Since the consumer messaging app isn’t under your IT department’s control, that former employee can continue viewing the communication among your team members and potentially pass it on to competitors.
CHOOSE SECURE BUSINESS MESSAGING PLATFORMS
With the right secure business messaging platforms, you can gain security and functionality for your sensitive communications. Some companies offer both desktop and mobile versions so that your employees have universal access to their messages no matter where they are.
The right app will have end-to-end encryption: The data you send will become scrambled upon transmission into an indecipherable code. Upon reaching its intended recipient, the information will become decrypted and able to be deciphered by that intended receiver. With this measure in place, even if the information becomes intercepted, the person who intercepts the data will be unable to understand it.
Enterprise apps that offer end-to-end encryption can also offer useful features to help your employees communicate more effectively. For example, these apps can monitor, store, and share files and messages or collaborate on projects within the apps, all with the highest level of security. Certain apps will also allow your employees to choose what’s called ephemeral communication: The message will disappear once the recipient reads it. Note that the sender can choose to create this ephemeral communication. The contents of ephemeral communications cannot be subpoenaed, for example, if a legal proceeding arises.
A common misconception among businesses is that the biggest security threats are external. In reality, the vulnerabilities that open businesses up to data breaches start from within, but secure messaging is the most effective way to address that problem.