Internal Forces the Cause of Lost Data?

3 05 2010

Last week, I blogged about Accenture’s new report, “How Global Organizations Approach the Challenge of Protecting Personal Data,” and focused on their first finding, “there is a notable difference between organizations’ intentions regarding data privacy and how they actually protect it, creating an uneven trust landscape.” This week, let’s look at the second key finding:

“A majority of organizations have lost sensitive personal information, and among these organizations, the biggest causes are internal and therefore something they could potentially control. This suggests accountability for and ownership of how sensitive data is used may be lacking in many organizations.” The report goes on to state that, “larger organizations struggle more to prevent breaches than smaller ones – likely because, with many more employees and more geographically dispersed operations, the opportunities for data to be lost or compromised is greater.”

The report found that 70 percent of organizations with more than 75,000 employees have experienced a loss of sensitive personal information compared to 40 percent of organizations with fewer than 500 people. Internal issues – employees (48 percent) and business or system failure (57 percent) – were cited most often as the source of data breaches – a stark contrast to the common perception that external forces are the biggest threats to security and privacy. Reasons for internal causes of data loss?

  • Lack of adequate policies and training programs
  • Lack of adequate controls – employees have too much access to sensitive data
  • Not having a full understanding of data flows across the organization

From an employee standpoint, there are simple measures that can be taken to ensure sensitive, proprietary or confidential information is not compromised. By giving employees an easy-to-use tool to encrypt and protect data, you are one step ahead of the game.

For larger organizations, the task can be more complicated. A large data center may have various protocols for sending information both internally and externally: FTP, SFTP and home-grown solutions, just to name a few. Many large organizations might not even be aware of all the protocols used to transfer data. This causes silos of information and a general lack of secure file transfer. Solutions do exist to securely transfer data and files enterprise-wide, while setting up user authentication, controls and policies.

Do you have internal policies or controls set up to ensure the security of your data?