The Good, The Bad and The Careless behavior patterns putting your business at risk

Do you know one of the biggest threats to the survival of your business?

You should do: you hired them.

Research shows that 60% of small businesses fail within six months of a security breach and leak of confidential records. They are paying a high price in disruption, lost revenue and reputation damage in the marketplace.

And while the mainstream media talks up the threat from hackers, the clear and present danger is inside your office: your employees. But it’s not as simple as trying to spot the bad apple who is out to do your business harm. There are three patterns of behavior that can lead to data loss: The Good, The Bad and The Careless.

The Good

Even your best employees – the ambitious, diligent staff who take pride in their work – are getting duped into giving away access to your company network and confidential data.

For example, one of America’s fastest-growing scams is the “Business Email Compromise”, according to the FBI.

It’s a scam that preys on the best intentions of good people trying to do the right thing. They receive an email that appears to be from their boss asking for an urgent action: either sharing data or simply transferring cash to an external account. Eager to please, they act quickly.

But the email is a fake – they’ve been duped.

The FBI says that the typical cost of the scam is in the ballpark of $25,000 to $75,000. You need to encourage your best employees to be cautious and question unexpected requests.

The Bad

Heard the story about the accountant who stole $1 million from a business by making a series of “micropayments” to himself over a period of months? No one noticed his small, regular payments.

How about the executive who ran off with product designs and a customer list and undercut the prices of his old firm?

Those kinds of stories are the extreme end of the spectrum of bad employee behavior. But what about the 87% of staff who say they would take company data with them when they switch to a new job?

They think taking a customer list will help them in their new role. They’re probably right. Problem is, that’s your confidential data walking out the door. You need to make it plain that work done on company hours is company property.

The Careless

Ask security experts where they think most data leaks start, and 57% will tell you it’s through “inadvertent errors” inside a business.

Think about the laptops, smartphones, and external memory sticks containing company data that get lost and left behind in public places. Think about colleagues sharing passwords to log in to common accounts, or worse still, using easy-to-crack login credentials like the infamous 1,2,3,4,5,6 password.

If there’s a work-around that saves a little time, you can bet someone will try it. But often those work-arounds bring poor security habits with them.

So, what can businesses do?

There’s a four-step process that every organization can adopt: audit, implement, educate and advocate.

Audit

The first step is to audit where sensitive data lives in your business. Chances are that your most sensitive records have been copied – often for good reason – and exist on multiple devices.

If you allow staff to bring their own devices to work, it’s likely you’ll find confidential company data is stored on them too. That makes maintaining a secure digital perimeter in your business all the harder.

Implement

You can’t watch all your staff 24 hours a day to ensure they’ve adopted strong security habits. You need to automate the process. Implement a data loss prevention solution to ensure that you control data flows in future.

Want to stop someone copying confidential files? Use technology to lock those files down and control their use.

Educate

If staff don’t know the risks involved in poor security habits, you can’t blame them when data leaks out. “Only 54 percent of organizations report they conduct security awareness training for employees and other stakeholders who have access to sensitive or confidential personal information,” according to Experian. “Making a significant dent in the number of breaches will require companies to pay more attention to raising the security intelligence of employees.” Quite right!

Advocate

Chances are you’re working as part of a chain. You’re working with suppliers, or you’re supplying goods and services to others. These days, every business is part of a network. You have nothing to lose and everything to gain by demanding the highest standards of data security from your partners. If they have access to your data, you need to know it’s secure.

Knowledge is power

So, the next time you see a news story about a teenage computer whizz, criminal gang or even foreign government trying to hack company data, take a deep breath and remind yourself that the problem is closer to home.

But like any business problem, if it’s inside your organization, that means it’s something you can fix.

About the author

Luke Walling is General Manager of Safetica North America and a veteran of the security industry. Based in North Carolina, Luke has built several successful start-up businesses, some of which are now traded on the New York Stock Exchange.
