Tuesday, April 6, 2021

The Human Element of Data Security

Conversations that were once face to face are now happening digitally worldwide. People are sending more emails than ever, and the pandemic has caused a massive influx of digital communication. This increase in digital communication poses new data threats and has caused new policies to be put into place in terms of data security. There is now an increased risk for people sending emails to the wrong recipients or attaching the wrong files to the wrong emails. Employees have also reported that they are more stressed and tired, and these factors could increase negligence. Companies must mitigate these risks and many companies have done so by implementing new data loss prevention tools.

I think companies need to implement these data loss prevention tools in a way that is productive and efficient. One confidential email to the wrong person or place could substantially harm a company and their reputation. Companies must find a healthy balance of data security while ensuring that they aren’t harming productivity within the company. If the tools are overly protective, they could slow employee production and subsequently harm the company. These tools can also cause employee frustration if they don’t align with real user behaviors and slow the employees down.

Fortunately, companies can now implement advanced data loss prevention tools that enhance security and productivity. These tools are now able to observe a user and understand the ways that they use email to share information and data. I think these advanced tools are effective because they only prompt users when they recognize abnormal behavior or heightened risks. I think that fewer notifications about security will make users more receptive to these messages because it will lessen click fatigue. If an employee is constantly clicking through security notifications, I think they will be less likely to take them seriously.

This type of advanced data loss prevention tool is essential in all types of business. Some employees share sensitive and private information through emails hourly and it is important that these emails are protected. Hacking and security breaches are always a risk, but companies can mitigate the risks of leaks by implementing data loss prevention tools.

Certain companies run a severe risk of leaking insider information to the public and one email could destroy an entire corporation. I think that this type of data security is especially essential in the accounting and finance industry. The “big four” accounting firms audit large corporations and have an abundance of financial information on clients. A lot of this information shared within these accounting firms is private and would be considered “insider information.” If this information was leaked, it would be devastating for the firms. Insider information would allow investors to have an unfair advantage in terms of whether or not to invest in a company.

Regardless of the industry, any security breach can be catastrophic. I think it is crucial for companies to recognize this and implement the necessary measures to protect themselves.

Source: https://builtin.com/cybersecurity/advanced-data-protection-tools 

2 comments:

  1. Tim, this is a topic I can relate to a lot. Being completely online since the middle of last spring semester has been tough, and when it comes to the increase in electronic communication, I am no stranger. Matter of fact, just this semester I almost forgot to register for my classes for next semester because the email was "lost" in my inbox and not being on campus never afforded me the opportunity to hear about registration from, say, my roommates (something I didn't realize was a luxury the previous years). I also definitely agree with what you said about employees feeling more stressed and tired. I can attest to that myself, as well. Anyways, you mentioned that the increase in digital communication has caused new data threats, but I'm not sure that is the case. I would think that these types of data threats from emails were always threats, for about the last 10-20 years, but have just increased. I don't think it is anything new, per say. Also, you say that companies are starting to mitigate the risks by implementing new data loss prevention tools, but you never mention what they actually are. Perhaps you just don't know, but I'm curious as to what types of tools they are using now. It sounds like it is much more than, for example, using a VPN and I'm wondering what else is being done these days, specifically. I do know that companies have probably had to add extra trainings about working from home. For example, reminding people to not leave their work computers unlocked when they have to leave the room. I will say also that you bring up an interesting point, when you talk about how these new tools are able to observe a user and understand the ways that they use email to share information and data. You also say that, with this, it will only prompt users when they recognize abnormal behavior or heightened risks. From the looks of it, it seems like any firm’s respective IT department can spy on their employees, which is completely okay because it is just to keep the company safe, and no one should be doing anything but work on their work computers, in my opinion. I’m still a little unsure as to what these data loss prevention tools actually are, but I think I have a basic understanding. The last thing I want to mention is your talk about insider trading. I didn’t even think about how data security is an even bigger risk for public companies because of what leaked data can do to their stock price, at least prematurely. That is, because, as I’m sure you know, public companies have to release their financial statements anyways. Generally, this sounds like an intriguing topic and one I have firsthand experience in from work and school the past year. Especially for anyone aspiring to go into cyber security, and even general IT, this is something to take a look at.

    ReplyDelete
  2. I wrote one of my blogs on this same topic. Human error resulting in data loss can lead to larger problems in the organizations then just that one instance. If an employee makes a mistake, it can lead to divide in the company. This mistake must be met with support from the organization because if it is not, it could lead to problems going unreported. When employees fear the consequences of mistakes, they are less likely to tell others, then the problem will not be addressed until it causes other much larger issues. The effects of human error can be minimized if it is addressed quickly and correctly. The first step to this involves accountability. If the organizational culture is focused on support then employees will be more likely to hold themselves accountable.
    While data loss prevention tools are very helpful, they do not completely prevent all data loss issues. Employees can still respond to phishing emails if they are not careful or send the wrong files to the wrong people. In this case, the employee’s lack of attention to detail may be irritating to others, but in the end they should not focus on being angry at the person or on a punishment, but on fixing the problem.
    I agree with you that fewer security notifications can be effective, but as you mention, they do not completely solve the problem. Employees will still need to be very careful when handling sensitive data. When this data is in the wrong hands, it can be redistributed which can lead to devastating consequences. This data protection is very important with accounting as you mention, but it is also important when dealing with personal information of your customers. This applies to every company, especially social media platforms, as we saw recently with the hacking of Facebook. This instance is not the same human error that you discuss such as sending the wrong files, but Facebook knew that they had data security issues. They either did not put enough manpower into fixing their issues or employees did not properly implement data protection systems. This is error both by the employee and the organization for allowing such a large amount of personal information to be stolen. As a result, there customers need to change their phone numbers, email addresses, and possibly even their address depending on the severity of the situation. They must make these changes unless they want to face a chance of being harassed or pestered for more information such as a social security number.
    Data management and human error is difficult to manage under normal circumstances. During the pandemic, it is much more difficult given most work environments have become increasingly remote. As you mention this makes everyday tasks and coordination even more stressful, which makes a supportive environment even more necessary. Not only is the work harder to begin with, but it is done at home where you have many distractions. Human error is inevitable but preventable.


    ReplyDelete

Note: Only a member of this blog may post a comment.