Employees represent one of the biggest risks to the security of company data. Whether the risk comes from unintentional data leakage or through malicious theft of data, companies need to endure that when it comes to data security employees are well informed on how to handle and store data, as well as the repercussions for data leaks.
Set clear policies on handling company data for employees
Companies often neglect to implement policies that stop employees from taking company data when they leave their jobs. According to a Biscom study 84% of employees stated that there were no policies preventing them from taking company information.
Prevent this kind of information leakage by creating comprehensive policies that outline all information, documents, and data created by the employee, or any other employee, belong to the company.
Data protection should be part of employee orientation and training
Communicating effectively with employees goes a long way to ensuring that data remains protected. Part of this communication should include the regular training of employees of data protection and security rules and processes.
This training should include software and tools used to protect data, policies such as using personal devices to access and complete company tasks, and using consumer versions of file sharing and collaboration tools.
Data ownership and handling policies must be part of employee contracts
Employment contacts, codes of conducts and offer letters should include a section on data ownership and handling. This established from the beginning not only who the data belongs to but also what the ramifications of data leakage or theft are.
Limit access to data
Give appropriate permissions to employees based on their roles in the company. Use a spreadsheet to list every employee’s access, tools and apps, to help you monitor and cancel accounts based on roles.
Encourage reporting of suspicious activity
Make employees aware that they need to report any suspicious behaviour and train them on how to recognise phishing schemes and how to speak up if they suspect an internal threat.
Cibecs, helps IT to take control of endpoint data security with Data Loss Prevention, learn more here.