Whenever there’s news of a data breach, you might imagine sophisticated hacking attacks or illicit data theft by malicious employees. What you might not realize is how often data breaches happen because of accidents.
A 2019 report shows how often employees can inadvertently cause data breaches. In up to 60 percent of data breach cases, a person from the affected company was at fault. So we’ve got advice on how you can avoid becoming a similar statistic when using a work device.
1. Double Check Recipients When Sending Sensitive Data
A recent report by security company Egress shows how often employees can inadvertently cause data breaches. But often, these are down to simple mistakes, rather than malice of profit. For example, when writing an urgent email or sending a document for a deadline, it’s easy to accidentally send it to the wrong destination.
The Egress report states that 43 percent of data leaks were due to what is called “incorrect disclosure”. That just means sending a file to the wrong person. This included putting the wrong email address in the recipient field or faxing information to the wrong number. Another common error was accidentally using CC instead of BCC, which exposes the address of all recipients.
The lesson here is to double check the recipients of sensitive data. Whether you’re emailing, faxing, or sending by post, take a minute to ensure you’re only sending the information to people who should have it. For the best security, get a colleague to double check for you.
2. Never Share Your Passwords With Colleagues
Everyone’s heard that you shouldn’t share your passwords. But it’s easy to see why it still happens. Maybe you’re home sick and a colleague needs information from your computer. Or maybe your boss wants to access your email while you’re away on vacation. Not to mention how common it is to write passwords down on Post-it notes and stick them to a screen.
The problem is, when you share a password you make it less secure. If you email your password to your boss and their email gets hacked, now the hackers have access to your machine as well. If a colleague logs in using your password and sees data they shouldn’t, the responsibility will fall on you because it’s your account.
There are way to solve this though. If you have trouble remembering your passwords, then the best way to address this is to use a password manager. That way, you only have one password to remember. With that one password you can access all of your accounts from anywhere.
Don’t use obvious passwords like “12345” or the dreaded “password” because these are extremely easy for hackers to guess.
3. Learn About Data Ethics
Something many employees don’t realize is the data they handle as part of their jobs belongs exclusively to the company they work for. It doesn’t belong to them or to their department. Whether it’s a list of clients you’ve put together or data on customer preferences you’ve collected, this information is wholly owned by the company.
This is important when you look at the reason employees give for sharing data intentionally. One in five people who intentionally shared data said they did so because they thought it was theirs to share. A further 55 percent said they shared data insecurely because they didn’t know how to share it securely.
Unfortunately you can’t necessarily count on your boss or your department to teach you everything you need to know about data security. If you handle secure data as part of your work, you should take it upon yourself to learn about legal requirements and best practices for data handling.
It may also be worth consulting with your company’s IT department or data protection officer to learn more about what tools are available to you for handling data.
4. Be Vigilant About Phishing and Other Attacks
You likely know about the threat of phishing. When you see an email claiming to be from your bank and asking you to send your password, you know that’s suspicious. But phishing is getting a lot more sophisticated and you should be prepared for that.
The survey showed that only 5 percent of data leaks were due to phishing. However, these leaks tended to be among the most serious. New techniques like spear phishing target a particular individual with highly specific information. Especially if you work in IT or if you are a high level executive, you should be on the lookout for these attacks.
Another advanced cyberattack is whaling. This is where hackers compromise the account of a senior manager and use that to scam the employees who work beneath them.
If you ever see an emailed request that strikes you as odd, pick up the phone. Giving the apparent sender a call is the best way to quickly determine if a request is genuine.
5. Install Remote Wiping Software Onto Your Work Devices
Accidents do happen, and it’s easy to leave your work laptop or phone on the train at the end of a long day. Obviously you’ll try not to lose your work devices. But still, you should prepare for the possibility that you might.
As well as having a password on all your work devices, you should install remote wiping software. This could be using a tool like Find My iPhone for iOS or by allowing remote location and wipe in the settings of your Android device. When you have enabled these features, you can manage your device remotely from another computer.
You can log into your account and then either use the GPS on your lost device to find it, or delete the contents of the hard drive remotely.
Sure, it’s annoying to have to delete all your data and explain to your IT department that you lost a device. But it’s much better than being responsible for hackers stealing valuable or private information from your company.
Learn More About Security to Keep Data Safe at Work
These particular security practices will help you keep the data that you work with safe. However, there are many other security issues to consider when it comes to your personal computer use as well. To learn more about using a computer safely for both work and home, see our article on important habits for staying safe and secure online.