The Biggest Risk to Your Business Data

What do you think poses the largest risk to your business data?  

As well as being the largest risk to your data, this particular risk is expensive, hard to track and almost impossible to prevent.

Viruses? Malware? Spam?

Russians?

The Answer: It’s your staff.

Why Staff?

Staff simply have access to the largest amount of data.  It’s a percentages game: people with access will eventually do some damage (intentionally or otherwise), from allowing a phishing scam to slip through on email to going out of their way to delete corporate data that they perceived to be of no consequence, or worse.

If I had a dollar for every time someone phoned asking us to “keep an eye” on a staff member’s actions and usage of the corporate network…

The simple fact is, most clients don’t have the required network equipment or software in place to do a simple audit of a person’s activity or actions inside the corporate network.  We have a few tricks up our sleeve which I can’t divulge here, but for the most part, someone looking to do harm to your business by using your own data against you is going to achieve that goal if they have access to the information.  That risk is real, and we see staff leaving all manner of organisations, taking who knows what with them on USB keys or via private cloud services over which we have no visibility or control.

I promise that by the time you think you have a problem with a staff member, the horse has already bolted.

Ways to Minimise your Risk

Train your staff in how to identify threats, from phishing emails to web links that point off to less-than-reputable sites. Investing in a lunch and learn with your team will pay huge dividends, especially when they start to identify threats to your network security for you.

Limit access to your corporate data as much as practical.  Ask your IT provider to help you create a logical group structure for your staff. This will allow them to minimise access to only the relevant data each team requires to be effective.  So instead of letting the whole company access sensitive client data or sensitive internal data, make sure you have appropriate levels of access in place.

Throw out your Netgear modem! Seriously, get a REAL firewall that allows you to choose what access people have from your work environment out to the rest of the world.  We have blogged at length in the past about WatchGuard devices and the benefits.

Lastly, consider moving your data to the cloud.  The auditing that becomes possible when you move to Google Drive or Dropbox for file storage is very granular.  You may not be able to limit access to the data if your team is to be effective, but you can certainly audit and report on every file they view, download or edit, and from which locations it has been accessed.