Do people with malicious intent present the biggest threat to personal data?

Against the backdrop of a complex and growing cyber threat landscape, organizations are waking up to the fact that one of the biggest chinks in their armour against a data security breach is humans.

According to Apricorn’s latest social media poll, sixty five percent of respondents believe that humans pose the biggest threat to their personal data. A staggering fifty two percent of respondents believe that people with malicious intent present the biggest danger, whilst thirteen percent believe that unintentional human error is also a risk. In stark comparison, just thirty five percent of those polled see technology as a threat to personal data.

Worse still, twenty percent admitted they have breached corporate policies around data protection, with a further thirty four percent admitting they don’t even know of a policy within their organization.

Not only does this highlight the frequency and willingness of employees to breach corporate policy, but it also demonstrates the lack of awareness and education around corporate data security. There is a real need to strike a balance between policy and engagement in order to help prevent carelessness, and the dangers posed by uninformed staff.

Jon Fielding, Managing Director, EMEA Apricorn, commented: “The findings of our poll show that businesses have good reason to be concerned about employees contributing to cybersecurity risks. Whether staff are making unintentional user errors, or compromising data with malicious intent, business data and systems are at risk. The most dangerous aspect of insider threats and human error is the fact that the access and activities are coming from trusted users and systems, and can very easily go undetected if organizations are too complacent in their approach to data security.”

The Apricorn poll also found that over a quarter (27%) of respondents admitted that they had either lost, misplaced or had a device stolen containing sensitive corporate information. Organizations should incorporate and enforce information security policies, procedures and, ideally, encryption on all mobile devices, be it laptops, mobiles or other removable media.

It’s not enough to simply have an IT security policy in place, but staff need to be educated about the policies, and the importance of data security, to help mitigate these risks. IT security should also be enforced through technology, such as end point control only accepting corporately approved and encrypted devices for example.

“Educating employees in the value of the data they work with will help to build a culture of accountability, within which, keeping data safe becomes second nature to employees at every level. Employees are an organization’s biggest asset, but they can also be their biggest liability”, Fielding concluded.

Any data breach has the potential for huge reputational damage and financial losses, and with GDPR now in full force, organizations must ensure they monitor how data is processed, stored, retrieved, protected and deleted in order to remedy any shortcomings and ultimately avoid a costly data breach.

Organizations need to establish and maintain even basic level security to avoid the associated risks posed by insiders, malicious or otherwise.