January 19, 2016

Public Sector Document Destruction Best Practice

“The user is the weakest link in the security chain,” pronounced a recent cloud cybersecurity report by US organisation CloudLock.  

You won’t get a lot of argument there.

The 2016 Data Breach Industry Forecast by Experian, for example, stated that ‘the number one leading cause of information security breaches resulted from non-malicious employee error’. The study also predicted that human error will continue to be one of the leading causes of data breaches this year.

Data breaches carry a high price tag, both financially and in lost reputation and customers. According to the 2015 Ponemon Institute Cost of a Data Breach Study, the average cost of a data breach in the UK now stands at £2.37 million, of which £1.07 million can be attributed to lost business.

So how do employees increase the risk of an information security breach?

Irresponsible in the Cloud: The Q3 2015 Cloud Cybersecurity Report showed that in cloud environments, 75% of the security risk can be attributed to just 1% of users, whether user behaviour is unintentional or malicious.  

Understanding the composition of this 1% is important to office security. “Often times, this subset of users includes super-privileged users, software architects, as well as machine-based identities that grant access privileges and archive data.”

Using Apps: The CloudLock report showed that 1% of users represent 62% of all app installs in the cloud.

CloudLock said there are over 91,000 unique third-party applications in existence.

But research has shown that apps are often targeted by cybercriminals as entry points into an organisation. Also, there are counterfeit or malicious apps that look legitimate but are not.

In a report by Ponemon, 36% of respondents said their organisation lets employees copy confidential data to public cloud-based applications. But 46% say they are not able to manage or control what is copied in the cloud; 11% are unsure.

Indiscriminate Use of Social Media: Hackers use “decades old” techniques such as phishing and hacking in order to access information.

Employees should be aware that criminals often use social media websites as sources for personal information that they then use in spear phishing in order to get more information and/or gain access to corporate environments.

Sharing Confidential Information with Third Parties: Almost three quarters of cloud-based sharing occurs with personal, non-corporate domains such as Yahoo and Hotmail.

If your organisation is connected to a third-party supplier that is compromised, that compromise has a bridge right into your organisation.

Using Personal Devices for Work: Almost half of respondents in the Ponemon study said mobile devices used in their organisation do not have adequate security or control features. When there are controls, just over half (52%) say employees circumvent or disable required security settings.

How can you improve information security in your workplace?

  • Limit access to sensitive information;
  • Introduce a clear and thorough document security policy;
  • Use security safeguards including passwords, anti-malware/anti-virus software, encryption and network security;
  • Make people your first line of defence with security policies and procedures and on-going security awareness training;
  • Implement a comprehensive mobile device policy that includes app controls;
  • Evaluate third-party suppliers to be sure they are committed to information security;
  • Only keep data on a need-to-know basis; otherwise have it securely destroyed;
  • Save time and reduce risk by outsourcing all of your document security needs.