July 28, 2021

Improving the Human Firewall: How to Protect Confidential Information

Improving the Human Firewall: How to Educate Employees to Protect Confidential Information

Ponemon Institute and IBM’s annual Cost of a Data Breach Report 2020 reveals that human error still accounts for 23% of all data breaches [1]. Despite this being the 15th instalment of the industry-leading report, this figure has remained consistently high since its inaugural edition. This begs the question of whether enough is being done to reduce the ongoing problem of human error and employee negligence in relation to data breaches.

Part and parcel of the problem is the fact that data thieves know employees are the biggest chink in any organisation’s security armour – and so their efforts to exploit this are unrelenting. This has only become more pertinent since the start of COVID-19, with the added vulnerabilities of widespread remote or hybrid working thrown into the equation.

So, what’s the solution? For every business, regardless of shape or size, the most effective form of defence is to improve the human firewall – the term coined to describe the commitment of employees to follow best practices to prevent and report any data breaches or suspicious activity. Ultimately, the more employees you have committed to being a part of the firewall, the stronger it gets.

On the journey to establishing a human firewall, however, the first step to action is awareness. Below, we explore some of the most common types of confidential information to look out for, how to educate employees to protect confidential information, and steps your own organisation can take to improve your human firewall.

Understanding Different Types of Confidential Information

Understanding the different types of confidential information is one of the most effective ways for employees to bolster the human firewall. Broadly speaking, there are four main types of confidential information.

Employee Information

Information about employees is commonplace in any office – this is a prerequisite of work, after all. But any document, from payroll records to old applicant CVs, that contains an individual’s name, address, or any other sensitive data must be securely stored and, when no longer needed, securely destroyed.

Organisational Information

Organisational information is ultimately what we refer to as trade secrets. That is, anything not in the public domain that helps an organisation do its work better or more efficiently. Common examples of this are any documents, be they physical or digital, that contain information about industrial processes, budgets, costs and forecasts.

Customer Information

In today’s increasingly data-driven world, customer data is a key component of business success. But it’s imperative any customer information gathered and stored is done so in accordance with regulatory legislation, such as the GDPR. Something as simple as a customer’s email address falling into the wrong hands can be incredibly damaging for both customers and your business.

Professional Information

Similar to organisational information, professional information typically refers to the data encountered in professional services. From doctors to lawyers and accountants, professionals in this space have an ethical and often legally binding duty to protect patient and client information. Failure to do so can be detrimental to professional reputations, not forgetting the fines that often follow.

Steps to Improve the Human Firewall

So, you now know the types of confidential information to look out for. More important, however, is your workforce’s ability to confidently handle and securely destroy documents. Below are four fundamental steps you can take to keep confidential information confidential.

1. Set Up an Information Risk Management Regime

Security experts identify people as the biggest targets – and weakest links – in the corporate security chain. Establishing a risk management regime that covers both online and paper-based documents coming into and leaving your company is necessary to mitigate risks and ensure compliance with data protection legislation.

2. Employee Education and Awareness

In any business, it’s essential that employees are not only aware of the risks, but also comfortable dealing with and reporting data breaches. Educating staff through regular training, so that they can confidently handle confidential documents and identify threats, can greatly reduce the human error often attributed to data breaches.

3. Establish a Shred-it All Policy

Education and awareness are essential. Sometimes, however, determining whether a document is confidential can be time-consuming and confusing. In response, it can be more effective to establish a Shred-it All Policy – where all business documents are placed in a secure, locked console and securely destroyed once they are no longer needed. This removes the judgement call from the employee and helps avoid human error.

4. Partner with a Document Destruction Specialist

One of the most effective ways to improve the human firewall and protect your company against data breaches is to partner with a document destruction specialist. Ensuring that documents are securely destroyed greatly reduces the risk of a data breach by preventing potentially damaging documents from piling up.
 
In today’s data-driven world, it’s more important than ever to take proactive action to improve human firewalls and reduce the employee negligence that often results in data breaches. Get in touch today for a no-obligation quote, to see how our services can support data security and compliance.
 
[1] IBM and Ponemon Institute, Cost of a Data Breach Report 2020.