Anthony Hill, Geeks2U’s head of technology, authored the below blog for SmartCompany.
For all the concerns about hackers and scammers targeting your business, you’re actually most at risk from your own staff being oblivious to the consequences of their actions.
As major security breaches make the headlines more and more often, it’s tempting to think that the key to business cyber-security is reinforcing your external defences to keep out the bad guys. That’s certainly important, but a well-rounded business security strategy focuses just as much on the enemy within.
Of course there’s the occasional disgruntled employee with an axe to grind but simple human error or accidental loss by an employee is the biggest source of a potential data breach, according to security company Shred-it’s second annual Australian Information Security Tracker study.
Based on responses from more than 1,100 businesses across the country, the report paints a disturbing picture – with security risks typically coming down to inadequate staff training and poor implementation of information security policies and protocols. Despite half of all small business owners recognising this as an area of concern, almost a third either don’t have information security policies in place or haven’t sufficiently trained their staff on how to implement these policies.
A third of respondents to the survey insisted their business had absolutely no documents that would cause harm should they fall into the wrong hands through loss or theft. It’s pretty hard to believe that any organisation could walk away completely unscathed if it’s financial paperwork, customer database, employee records, supplier agreements and long-term strategic plans found their way to a competitor.
Shred-it advocates a “clean desk policy” to ensure paperwork doesn’t go astray, which isn’t surprising considering that they’re in the business of shredding confidential documents, but they raise a good point. Whether you’re dealing with piles of paper or folders full of digital files, it’s important to consider which staff need access to sensitive information and what processes you have in place to ensure this information doesn’t find its way out the office door.
Chances are you wouldn’t give every staff member the key to the office door or combination to the safe, not because you don’t trust them, but simply because it’s an unacceptable security risk. It’s important to take the same care when deciding who has access to your precious business information.
David Hancock is the founder and managing director of Geeks2U, a national on-site computer repair and support company.