By now, the incredible cost of a cybersecurity incident is well understood. According to a 2018 study by the Ponemon Institute, the average cost of a data breach approaches $4 million, with cascading opportunity and reputational damage that can far exceed this number. Unfortunately, despite the terrible consequences, data loss events are increasing as the treasure trove of customer data that companies store has immense value for those brazen enough to steal it.
In the digital age, data loss events are a “when” not “if” proposition. As evidence, every week seems to present a new eye-catching headline about a devastating data breach that compromises customer data in a profound way.
Most recently, Marriott, the largest hotel chain by market cap, became the latest company to endure a catastrophic data loss event. The Marriott hack, which compromised the passport credentials, credit card numbers, social security identifications, and addresses for 500 million users, is the second-worst breach in history, following only Yahoo’s 2016 data disaster that impacted three billion users.
While companies and media pay significant attention to external threats, one of the most potent risks is often lurking in the office cubicle. Shred-It’s 2018 study on data security concluded, “69 per cent of breaches reported by C-Suites and 71 per cent of breaches reported by SBOs are at least in part attributed to employees—whether through human error or accidental loss.”
Moreover, this problem is exacerbated by the state of the modern workforce as remote employees and third-party vendors access company networks and compromise their data’s integrity.
When it comes to data security, CNBC rightfully concludes, “Hackers are no match for human error.”
Data loss events may be horrendously normative, but that doesn’t mean companies can’t take steps to protect their data. As a result, many companies are turning to employee and user activity monitoring software, an established oversight practice that is making a comeback in our perilous digital moment.
When applied to protecting against internal threats, employee monitoring software can be a highly effective tool for protecting customer data. Here’s how:
1. Employee monitoring software can identify and reinforce data movement boundaries
Employees misuse company data both maliciously and accidentally. Gartner’s 2018 report on employee monitoring software indicates that some employees steal company data to help generate a second income while others take information as a last act of rebellion on their way out the door.
In a particularly outlandish example of data theft, an Australian software engineer loaded 120,000 company files onto a flash drive, which the law firm Meerkin and Apel described as a “trophy.”
Of course, not all employees are so cunning.
In 2017, a Wells Fargo employee inadvertently transmitted 1.4 gigabytes of data to a lawyer outside of the bank, including the detailed information on 50,000 of the bank’s high net worth individuals.
Fortunately, both the malicious and the accidental can be averted by creating data movement boundaries. For instance, employee monitoring software can prevent employees from saving company information to personal cloud storage sites or from copying it to a flash drive. Using smart activity and behaviour rules, any company can configure employee monitoring software so that it prevents specific emails from being sent, attachments from being forwarded, files from being uploaded or websites from being accessed.
What’s more, it can notify IT administrators when this activity occurs, giving them an opportunity to address the situation directly.
2. Employee monitoring software can restrict access to sensitive data
A company’s data is one of its most valuable commodities, but too often it is not treated with the care and concern it deserves. Just as a bank only opens its vault to certain employees, so should companies limit employee access to certain data.
Companies can put employees on a need-to-know basis for data access, and they can use capable employee monitoring software to place boundaries around the information that they do not need to know.
By developing smart rules around data access, companies can ensure that their data is dynamically protected against inappropriate access or movement. While this doesn’t eliminate the threat entirely - after all, someone with privileged access can still attain sensitive data - it mitigates the threat, lessening a company’s overall security exposure.
In addition, this allows organisations to provide additional security protocols and training for employees with access to sensitive data.
3. Employee monitoring software can gather forensics to understand flaws and hold users accountable
Indeed, many things could change by the end of 2019, but the scourge of data breaches is unlikely to abate. Obviously, employee monitoring software can’t solve every security concern, but it is a critical part of a holistic approach to data security. When combined with the right personnel and the proper protocols, it provides organisations with confidence that they are protecting their organisation from a damaging data breach from within.
Data security is a fluid endeavour with motivated criminals always striving to find ways to subvert the system. Therefore, the forensic capabilities of employee monitoring software are an especially influential deterrent that also provides essential evidence should a data loss event occur.
Employee monitoring software provides companies with the insight they need to understand what went wrong and who to hold accountable. With real-time screen session recordings, IT administrators have the evidence they need to take action.
When coupled with other abilities like keystroke recognition, printed document tracking, and file transfer tracking, employee monitoring software collects a body of digital forensic evidence that provides the insight needed to adequately understand and respond to any malfeasance.
This is especially important as companies look to quickly respond to an embarrassing data episode.
Isaac Kohen, Founder and Chief Technology Officer, Teramind