Experts Tap Into Common Data Security Mistakes Employees Make
As technology becomes ever more complex, and more integral to the way companies operate, issues with data security are increasing.
Sometimes they arise simply because of employee mistakes, which could quite easily be rectified with proper training and implementation.
On other occasions they occur because of a lack of basic maintenance - whether that’s hardware or software-based.
Let’s take the issue back to basics and ask a few simple questions. If you or your company are not sure how to answer them, then it’s perhaps time to review and implement better data security protections for you and your team.
Could your company survive a data breach in which your customers' private data is made public?
Could your company withstand a computer server crash that wipes out your data?
Could your company cope with a specific cyber attack?
Common examples of data security errors
Here are just a few ways in which data security can be compromised in a work situation.
Use of old technology
Buying new tech like laptops and computers is costly, so companies sometimes keep working on older equipment to reduce costs. However, older devices run older software and are often prone to running slowly and freezing up. They’re also less likely to withstand cyber attacks. These factors put data at risk, which is why it's recommended that computer hardware is updated every three years.
Unencrypted emails and messages
Companies sometimes forgo the encryption of in-house emails and messages as it’s costly and can be complicated to set up, but this one task could make or break data security in a workplace. All employees should assume that every message or email they send could be intercepted by a cybercriminal, and know that anything sent unencrypted could cause company-wide problems if it is.
Not utilizing cloud computing
You’d be surprised at how many businesses still don’t employ cloud-computing methods as a way of keeping data safer. This type of application offers much better functionality from the get-go and is also more easily accessible for employees and other authorized users. It’s often more secure than in-house computer systems, which can lack security, anti-virus protection, and firewalls. This one simple and relatively inexpensive investment can make a huge difference to data security at work.
But what about other factors - such as looking after hardware and personal data? We’ve got together with a few experts and asked them about some of the most common issues that occur with data security in the workplace - whether that’s in an office or a hybrid working situation. Let’s take a look at what they have to say…
Issues with forgotten personal data on laptops
“Workers should make sure they check for anything they may have inadvertently kept. Did you once download a presentation or client sheet onto a thumb drive or external drive so you could work from home? Did you email your personal account with some documents that have sensitive source code in them? These are all possible red flags for employers and could cause you problems at your new place of work.
“You don’t have to have the nuclear codes to get in trouble,” Mark Neuberger, labor and employment lawyer said. “Worst-case scenario … they can come after you with civil or criminal charges.”
The reality is that tracking and separating work and professional data has become messy. While experts say the best practice is to avoid using work devices for anything personal, there’s likely to be some crossover. And often employers are relatively understanding about the issue, experts note.” Danielle Abril, writing for the Washington Post
What are the potential legal consequences of a data security breach?
First, the term ‘data breach’ is very broad – so broad that no data breach event is exactly like any other. By definition, a data breach is generally understood to have taken place when any unauthorized party gains access to any sensitive or confidential information in any way. As such, the consequences will depend on the specific elements of a breach and various surrounding factors. These include the kind, sensitivity and volume of data affected, how it was accessed (and if possible, by whom), whether the data can be re-secured, etc. Second, a wide variety of potential consequences can arise from a data breach event. Some of these are clearly ‘legal’ e.g., investigation expenses (internal and external), notification and remediation costs, regulatory fines/penalties, and ongoing litigation costs. Some of the most troubling consequences might be considered ‘non-legal’. For example, a data breach event can lead to a significant loss of trust from customers or the public (resulting in business impacts like decreased sales); it can cause other reputational damage (e.g., with regulatory agencies); and it can seriously compromise key employees’ ability to focus on regular business activities. There may be other lingering ‘fixed’ costs as well, such as higher IT costs and increased insurance premiums. In sum, the legal and non-legal consequences of a data breach can be numerous, expensive, and long-lasting. The real costs and consequences of a data breach can be difficult to assess until long after the event itself has been resolved. Joe Brennan, Partner at InfoLawGroup
What are the best ways for tech personnel to stay updated on the latest cybersecurity threats?
For tech professionals looking to keep up with cybersecurity trends, a few good habits can make all the difference. Regularly updating your skills through courses and certifications is a solid start (Google, ISC2, etc.). Don’t forget to check out security conferences and webinars, too—not only can you learn a ton, but you can also network with individuals who may hold similar roles at other companies and know tips, tricks and best practices. Tools that give real-time alerts on new threats can be super helpful, and diving into online security forums can give you some great peer advice. Staying informed means you’ll be ready to tackle those cyber challenges head-on. Emily Harden, Executive Director at Techlahoma Foundation
Why consider neurodiversity in relation to cybersecurity?
Considering neurodiversity in cybersecurity brings significant benefits and untapped expertise into an important field. First, it taps into an underutilized talent pool for a high-demand field. Cybercrime Magazine estimates there are $3.5 million in unfilled cybersecurity jobs globally in 2024. Autistic and neurodivergent team members could be an important piece of filling those roles. Neurodivergent people often have intense special interests and passions — cybersecurity among them. Tapping into that passion and pairing it with a business need can yield incredible results. Some neurodivergent employees also have gifts for spotting anomalies and that can be especially important when it comes to threat-hunting and other aspects of cybersecurity. Last, but certainly not least, the front line of cybersecurity is implementing operating procedures and tools that all people can understand. Considering neurodiversity when doing so can ensure a wide range of people will be able to adopt and execute cybersecurity best practices across an organization. Tara May, CEO of Aspiritech
What are the most common intranet security vulnerabilities?
There are so many different attack vectors that can be used by the modern hacker that it can be a daunting task to keep on top of all of the current risks. My key recommendation is to make sure that you have a security team around you that is switched on to all the different risks. These can range from hundreds of thousands of 404 errors triggered by invalid URL requests probing for known vulnerabilities to more direct targeted attacks and, of course, good old DDoS-style attacks. Ensure that you have a suitable error logging system or capture process in place that is able to recognize malicious signatures and then block traffic for those requests in real time. Backing this up with regular patching, security reviews, risk analysis, and internal/external audits will go a long way to helping you sleep at night. Also, don't forget the basics such as using the principle of least privilege (PoLP). Apply this to your internal network traffic as well as people, permissions, and processes. Mike McMinn, Co-founder of MyHub Intranet