Email is the most common technology used in accidental data breaches, according to a survey of 1,000-plus U.S. companies sponsored by data security platform Egress and conducted by Opinion Matters research group.

Eighty-three percent (83%) of organizations surveyed said they experienced an accidental data breach. When an employee has unintentionally exposed sensitive data, 51% of respondents said it was through an external email provider, such as Gmail and Yahoo. Meanwhile, 46% said corporate email was used in an accidental data breach.

Pitfalls: emails to wrong address, forwarding sensitive info

Common employee email pitfalls include sending emails to the wrong address, forwarding sensitive information and sharing attachments with hidden sensitive content, according to the survey.

The respondents were senior and mid-level security professionals.

Egress cited the "explosive growth" in unstructured data, such as emails, documents and files, and the growing methods employees can use to communicate as factors that have significantly increased the chance of exposing sensitive data.

Collaboration and file share services like Dropbox and Slack are becoming commonly used at organizations and, as a result, sensitive information is being exposed, the survey noted. Indeed, 40% said file sharing technology was used in employee-caused breach accidents, followed closely (38%) by collaboration tools.

Encrypting everything isn't the solution

The survey singled out encryption technology as a standard best practice for securing and sharing sensitive data through emails and file sharing. However, only 79% of employees said they are required to use encryption when externally sharing personally identifiable information (PII) or critical business data, while 64% were required to use encryption when internally sharing PII or critical business data.

While useful, Egress chief technology officer and co-founder Neil Larkins noted that encrypting everything isn't the solution to minimizing breaches. "Encryption plays a part in this but doesn't entirely solve the issue," he said, adding that other steps to take include deploying software that logs normal patterns of data sharing and also flags abnormal behavior.

Despite the frequency of accidental breaches, organizations did not see them as an immediate threat. While most respondents said their biggest IT security risk was ransomware and malware (48%) and external attacks (45%), only 40% said accidental data breaches by employees were a risk.

Larkins said that outlook was "historical" and is beginning to evolve as organizations are learning that phishing attacks are effective and the most common data attack.

Updated security policies needed in response to new data laws

Likewise, more companies are training employees to spot phishing, said Joseph Lazzarotti, the privacy, data and cybersecurity practice group founder and chair at the Jackson Lewis law firm. But he was concerned about the survey's finding that only 59% of companies are implementing new security policies in response to data regulation laws.

"You want those numbers to be higher," Lazzarotti said. "Given all the breaches that have happened in the last 10 years, you'd hope that number was higher in terms of companies taking steps."

He noted that as more states enact data privacy and breach laws, more organizations in turn are pushed to implement security policies that are in line with regulations. "There are laws being added to the books that will continue to give companies more reasons to take these steps … hopefully the numbers will go up."

New regulations such as the GDPR and the pending California Consumer Privacy Act have influenced 54% of respondents to invest in new security technology, according to the survey. Data privacy regulations have also led 52% of organizations to invest in employee training, and 44% have restricted the use of external data sharing tools. Meanwhile, only 8% said new regulations haven't changed their organization's data sharing habits.


© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.