20 Dec 2017
Would you believe that 50% of all events where the confidentiality or availability of an organization’s information is compromised are caused by people within the organization? Unfortunately, you don’t get to choose: according to the Verizon 2015 Data Breach Investigations Report, that’s a simple fact. We’ve talked about insider security breaches before, but what we haven’t talked about is why people inside organizations are responsible for almost half of all security breaches.
The good news is that most of these breaches are honest mistakes. Whether it’s by not properly storing data or something like losing an operating room schedule, employees make mistakes that expose sensitive information all the time. The best way to prevent these types of breaches is by taking steps, such as network infrastructure, to guard sensitive information, and by making whatever tasks employees perform with sensitive information as simple and short as possible. Of course, if you take the time to make sure everyone in your organization understands the importance of handling sensitive information securely, you’ll also cut down on these self-inflicted wounds.
But that’s not all organizations have to worry about, because not all employee-centered breaches are accidents. Too many organizations are finding out the hard way that some employees can be lured away by the paydays they can earn from selling off sensitive information. Med Center Health is one of them. Med Center is a 6-hospital system based in Kentucky, so they have no choice but to take their data security seriously. Still, no matter how seriously you treat your data security, if someone with insider access wants to steal the data, they’ll get to it eventually. That’s why Med Center Health suffered a breach affecting 160,000 patients, and their main lead as to how it happened is an employee stealing the records before leaving the organization.
Why would someone do that? Because private details like full names, addresses, and of course Social Security numbers are commodities that cybercriminals will pay for, and that’s exactly what these records contained. It might be hard to understand how someone could betray their employer, but people have done crazier things for less money than can be earned online.
Once again, this is where network infrastructure can save you a huge headache. When you put up checks within your infrastructure, not only do you prevent employees from accidentally exposing information, but you also prevent them from stealing it for profit. But setting up walls that show employees that you don’t trust them with the organization’s most sensitive information won’t be popular, and it won’t be efficient.
This is where good cybersecurity training is as good as gold. If your employees understand the consequences of getting caught trafficking private information and know how much money they’ll cost the organization through free credit monitoring for affected clients and through possible HIPAA fines, then they might reconsider before they even think about stealing sensitive data.
No one wants to look at their employees and see people who might betray them. It completely undermines the spirit of trust and teamwork that makes an organization great. That’s why you should invest in strong cybersecurity training for your employees and in network infrastructure. Don’t know how to do that? Find a cybersecurity professional who does and hire them as quickly as possible, because with the amount of information and technology out there, it’s only a matter of time until someone either hacks your network or convinces someone on your team to do it for them. Don’t put yourself in the tough position of looking at your employees as criminals. Take your cybersecurity seriously and find an IT professional today.