Simply Security - News, Views, and Opinions from Trend Micro

Report: Businesses need to train employees on data security

Posted on April 16th, 2012 in Policy by Simply Security

Businesses need to train employees on data security best practices.

Organizations are realizing that the data risk landscape is much more complex and troublesome than many employees thought or expected it to be. A new study by Fellowes found that many workers are just now realizing that a data breach can impact a company's customers, vendors and partners as much as the event hurts the business itself.

The survey revealed that although 81 percent of employees have access to confidential client and company records, fewer than two-thirds of them said they were properly trained on data security best practices. As a result, sensitive files could be exposed, unbeknownst to decision-makers and IT staff.

"Whether electronic or in paper form, confidential information in the workplace is a hot item for theft and the methods employed by criminals to obtain this information are constantly evolving," national identity theft expert John Sileo said. "With smart prevention measures, you can help your company avoid a costly breach that can lead to personal consequences – like identity theft."

Unfortunately, many employees inadvertently use unsafe methods when handling sensitive information. According to the study, only 60 percent of survey respondents said they use a firewall, while only 44 percent send mail containing sensitive records using secure mailboxes.

Additionally, a recent study by the Ponemon Institute found that many organizations, as a whole, are lacking the knowledge, skills and tools to secure applications, as roughly 80 percent of developers don't integrate data security into software.

"We set out to measure the tolerance to risk across the established phases of application security and define what works and what hasn't worked, how industries are organizing themselves and what gaps exist," Ponemon Institute founder Larry Ponemon said. "We accomplished that, but what we also found was a drastic divide between the IT security and development organizations that is caused by a major skills shortage and a fundamental misunderstanding of how an application security process should be developed."

The Ponemon study found that many companies have experienced one to 10 data breaches in the past two years because an application was hacked or inadvertently exposed sensitive information. This may be partly because only half of security personnel and developers have training in application security and the majority of both parties feel their software does not meet regulations for data protection and privacy.

"What emerged in this study was that companies don't seem to be looking at the root causes of data breaches and they aren't moving very fast to bridge the existing gaps to fix the myriad of problems," security expert Ed Adams said. "The threat landscape has grown substantially in scope, most notably as our survey respondents stated that Web 2.0 and mobile attacks are the targets of the next wave of threats beyond just web applications."

According to a study by Websense, more than half of companies experienced a data breach in the past year stemming from employees using unsecured mobile devices. This is often caused by a lack of education and training, which leads many individuals to simply circumvent security features.

"Data protection can be simple as long as the proper procedures are in place and widely practiced," Sileo said.

By educating staff members on how to implement and use security tools, organizations can dramatically decrease the risk of falling victim to a data breach or cyberattack. This is especially important today, as the threat landscape becomes more complex and malicious.
