by Daniel J. Solove
A PC World article discusses a new study by Forrester that reveals that internal threats are the “leading cause” of data breaches. The survey involved companies in Canada, France, Germany, the UK, and the US. The study revealed that 36% of breaches involve “inadvertent misuse of data by employees.”
According to the article, the study also indicated that “only 42 percent of the North American and European small and midsize business workforce surveyed had received training on how to remain secure at work, while only 57 percent say that they’re even aware of their organization’s current security policies.” The article quotes Heidi Shey, the study’s author, who says: “People don’t know what they don’t know. You’ve got to give them some kind of guidance and guard rails to work with.”
I couldn’t agree more. Data breaches are often not the result of technical deficiencies but of the human element. A person can so readily click on the wrong thing, place data in the wrong place, fail to properly dispose of data, improperly access data, or fall for a social engineering trick. All it takes is for one member of the workforce to slip up, and . . . bam . . . there’s a data breach.
Data security is only partly technical — it’s a human behavior issue, and that’s why education and awareness are so important.
****
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of training on privacy and security topics. This post was originally posted on his blog at LinkedIn, where Solove is a “LinkedIn Influencer.” His blog has more than 600,000 followers.