5 Data Handling Tips to Avoid Security Breaches at Work
Whatsapp Pinterest
Advertisement

Whenever there’s news of a data breach, you might imagine sophisticated hacking attacks or illicit data theft by malicious employees. What you might not realize is how often data breaches happen because of accidents.

A 2019 report shows how often employees can inadvertently cause data breaches. In up to 60 percent of data breach cases, a person from the affected company was at fault. So we’ve got advice on how you can avoid becoming a similar statistic when using a work device.

1. Double Check Recipients When Sending Sensitive Data

ways-write-email

A recent report by security company Egress shows how often employees can inadvertently cause data breaches. But often, these are down to simple mistakes, rather than malice of profit. For example, when writing an urgent email or sending a document for a deadline, it’s easy to accidentally send it to the wrong destination.

The Egress report states that 43 percent of data leaks were due to what is called “incorrect disclosure”. That just means sending a file to the wrong person. This included putting the wrong email address in the recipient field or faxing information to the wrong number. Another common error was accidentally using CC instead of BCC, which exposes the address of all recipients.

The lesson here is to double check the recipients of sensitive data. Whether you’re emailing, faxing, or sending by post, take a minute to ensure you’re only sending the information to people who should have it. For the best security, get a colleague to double check for you.

2. Never Share Your Passwords With Colleagues

Everyone’s heard that you shouldn’t share your passwords. But it’s easy to see why it still happens. Maybe you’re home sick and a colleague needs information from your computer. Or maybe your boss wants to access your email while you’re away on vacation. Not to mention how common it is to write passwords down on Post-it notes and stick them to a screen.

The problem is, when you share a password you make it less secure. If you email your password to your boss and their email gets hacked, now the hackers have access to your machine as well. If a colleague logs in using your password and sees data they shouldn’t, the responsibility will fall on you because it’s your account.

There are way to solve this though. If you have trouble remembering your passwords, then the best way to address this is to use a password manager. That way, you only have one password to remember. With that one password you can access all of your accounts from anywhere.

Don’t use obvious passwords like “12345” or the dreaded “password” because these are extremely easy for hackers to guess.

If you need to share access to information with colleagues, consider setting up a group email How to Create a Group Email in Gmail How to Create a Group Email in Gmail Learning how to create a group email in Gmail will make your life easier. Start on your Gmail contacts list with these tips. Read More or a sharing files using a service like Dropbox 3 Ways to Share Files With Others Who Don't Have Cloud Accounts 3 Ways to Share Files With Others Who Don't Have Cloud Accounts What's the simplest way to share files with others? Here are several ways that'll come in handy whether you or the recipient don't have cloud accounts. Read More .

3. Learn About Data Ethics

Something many employees don’t realize is the data they handle as part of their jobs belongs exclusively to the company they work for. It doesn’t belong to them or to their department. Whether it’s a list of clients you’ve put together or data on customer preferences you’ve collected, this information is wholly owned by the company.

This is important when you look at the reason employees give for sharing data intentionally. One in five people who intentionally shared data said they did so because they thought it was theirs to share. A further 55 percent said they shared data insecurely because they didn’t know how to share it securely.

Unfortunately you can’t necessarily count on your boss or your department to teach you everything you need to know about data security. If you handle secure data as part of your work, you should take it upon yourself to learn about legal requirements and best practices for data handling.

It may also be worth consulting with your company’s IT department or data protection officer to learn more about what tools are available to you for handling data.

4. Be Vigilant About Phishing and Other Attacks

protect-data-breach

You likely know about the threat of phishing. When you see an email claiming to be from your bank and asking you to send your password, you know that’s suspicious. But phishing is getting a lot more sophisticated and you should be prepared for that.

The survey showed that only 5 percent of data leaks were due to phishing. However, these leaks tended to be among the most serious. New techniques like spear phishing What Is Spear Phishing? How to Spot and Avoid This Email Scam What Is Spear Phishing? How to Spot and Avoid This Email Scam Received a fake email from your bank? Its part of a scamming technique called spear phishing. Here's how to stay safe. Read More target a particular individual with highly specific information. Especially if you work in IT or if you are a high level executive, you should be on the lookout for these attacks.

Another advanced cyberattack is whaling Worse Than Phishing: What Is a Whaling Cyberattack? Worse Than Phishing: What Is a Whaling Cyberattack? While phishing attacks target individuals, whaling cyberattacks target businesses and organizations. Here's what to look out for. Read More . This is where hackers compromise the account of a senior manager and use that to scam the employees who work beneath them.

If you ever see an emailed request that strikes you as odd, pick up the phone. Giving the apparent sender a call is the best way to quickly determine if a request is genuine.

5. Install Remote Wiping Software Onto Your Work Devices

Accidents do happen, and it’s easy to leave your work laptop or phone on the train at the end of a long day. Obviously you’ll try not to lose your work devices. But still, you should prepare for the possibility that you might.

As well as having a password on all your work devices, you should install remote wiping software. This could be using a tool like Find My iPhone for iOS or by allowing remote location and wipe in the settings of your Android device. When you have enabled these features, you can manage your device remotely from another computer.

You can log into your account and then either use the GPS on your lost device to find it, or delete the contents of the hard drive remotely.

Sure, it’s annoying to have to delete all your data and explain to your IT department that you lost a device. But it’s much better than being responsible for hackers stealing valuable or private information from your company.

Learn More About Security to Keep Data Safe at Work

These particular security practices will help you keep the data that you work with safe. However, there are many other security issues to consider when it comes to your personal computer use as well. To learn more about using a computer safely for both work and home, see our article on important habits for staying safe and secure online The 9 Most Important Habits for Staying Safe and Secure Online The 9 Most Important Habits for Staying Safe and Secure Online Read More .

Explore more about: Email Security, Online Security, Security Breach.

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. dragonmouth
    September 25, 2019 at 5:32 pm

    "Unfortunately you can’t necessarily count on your boss or your department to teach you everything you need to know about data security."
    Strongly disagree. If the company assigns you to a task, it should make sure you have all the tools to do the job properly, especially when it involves sensitive data. All my employers made sure I was properly trained for the task(s) they required me to do, whether it was stocking shelves in a grocery store or being a system programmer in an IT department. If the boss doesn't make sure you are trained properly, (s)he better not expect you to do the job properly.