Human frailty

Editorial Type: Industry Focus     Date: 05-2014

Most data breaches are the result of mistakes, negligence or unexpected system glitches. Human nature dictates that they will always happen, so businesses must take pre-emptive action now to stop them occurring.

Human error is addressed nowadays with data loss prevention (DLP) and other extrusion prevention solutions. The key for DLP systems to work - and reduce or eradicate data breaches caused by insiders - is mostly related to implementation.

So says Roman Foeckl, CEO and founder of CoSoSys, who then points out: "If you have an amazing business idea, but the implementation leaves a lot to be desired, there are minimum chances to succeed. The same goes with data loss prevention or other tools that prevent data breaches. Implementation does not mean only making sure the software is working and management has some nice reports about what data is going out or which users are most likely to cause a data breach. It is also about the human component. The solution may have a high level of complexity, but there will always be a person using the data."

ACTIONS AND CONSEQUENCES
Employees have to understand the consequences of their actions and they need to be empowered with responsibility, he points out. "For that, a simple poster hung above their desk is not enough. A systematic approach that relies on explanation of the value of data, delimitation of the most common exit points and presentation of patterns of prevention is recommended. The idea is not to treat employees as people waiting for the opportunity to steal or leak data. Human error happens to the best of us," he concedes.

Another way of looking at the solutions recommended to address human error and risk is to judge them by whether they increase productivity rather than cause disruption. "For example, if employees are forbidden to access certain websites or use some resources, most probably they will not appreciate a restrictive environment; and complaints, not to mention interrupted daily tasks, will appear. After all, businesses have to find the right balance between a certain level of trust in users and the proper measures to reduce to a minimum the risks of data loss."

According to Foeckl, best practices for DLP solutions - as they represent the first line of defence (before training and explaining to people what data loss is) - combine three elements:

• A high level of complexity - ensuring confidential data remains safe, regardless of where or how it is used
• Easy to use - as complicated solutions that disrupt a user's day-to-day tasks are likely to cause more problems than they solve
• User education - as they need to understand and assume ownership, and therefore be accountable for their actions.

"Of course, this goes the other way around, as well," he points out. "Businesses should consider talking to employees and prepare them for the next step, prior to the implementation of the DLP solution. But this is just another tactic that depends on the company's policies and their out-of-the-box thinking."

DAMAGING THEIR EMPLOYERS
The need for action has never been greater. Recent data breaches in the retail sector, for example, have highlighted the damage that a staff member, either incidentally or intentionally, can cause to a company, both financially and in terms of reputation. It's an issue that is starting to affect organisations more and more - and the need to put robust policies and procedures in place to combat the threat this poses is an urgent one.

Meanwhile, what has been happening in the retail sector is now mirrored increasingly in the wider business world. On this score, Marc Lee, director EMEA at Courion, believes that we have failed to see the dangers in front of our eyes. "We've been smug in Europe, following the US Target data breach. A lack of comprehensive chip and PIN systems, which we've been so comfortably using for years, has contributed to the theft of millions of credit and debit card details." More fool us, he says. "We've now had our very own case of retail industry-related data theft here in the UK. But this time the attack is from the inside.
