#MIDDLEBURY
By JUSTIN GOLDEN
OneLogin, an identity management company, said in a June 21, 2016, research paper that U.S. employees utilize digital device practices that expose their employers to increased security risks. A May Arlington Research survey of U.S. respondents for OneLogin revealed troubling results:
- Thirteen percent of companies allow employees to use devices that access their employer’s network. Nine percent of those employees allow a partner to use these devices, and 1 percent even allow their children to use these devices.
- Password sharing is rampant. For example, 20 percent of employees share their work email password while 12 percent share passwords for other work applications. Twenty percent of employees have no security software on their devices.
- Then there are the employees who move on. Some move on to other employers, others move out of state due to a spouse’s transfer, some change careers and others retire. Employers need to consider ways to reduce the likelihood of company data leaving with them.
- Former employees don’t always intentionally take a company’s data, but that data rightfully belongs to the employer.
Ryan Francis, in a CSO Online article dated June 21, 2016, cites a Biscom national study that found more than 25 percent of employees take company data when they leave their jobs. Bill Hoy, CEO of Biscom, relates a few ways to reduce this potential threat.
- Establish clear employee policies on handling company data and information.
- Incorporate data ownership and handling policies into employee agreements.
- Add data protection and security discussions to new employee orientation and training.
- Encourage reporting of suspicious activity.
- Train employees on best practices continuously and often.
- Establish data classification and access permissions, e.g., using the principle of least privilege.
- Create a response plan and practice it.
A single unauthorized access to your company’s personal, financial or customer confidential information can have serious consequences for your business. While we are all aware of the apparent loss of business and your hard-earned reputation due to a data breach, much more needs to be considered. Hidden costs can stretch over many months and even years after the breach is revealed.
In a Journal of Accountancy story by Neil Amato on July 25, 2016, “Cyber Readiness,” Deloitte and Touche LLP said, “… it’s not just about what happens after an attack. In other words, it is far more involved than following through on a six-week or six-month incident response plan with technology upgrades and planned communications with customers and other stakeholders.”
The report lists 14 impact factors of a cyber attack, including these seven classified as “beneath the surface” and with less visible costs: Insurance premium increases, operational disruption or destruction, increased borrowing costs, lost value of customer relationships, lost contract revenue, devaluation of trade name and loss of intellectual property.
Stay ahead of the curve. Plan the work and work the plan now.
Golden Technology Services, Inc. helps clients improve their cybersecurity. Contact us at 972-679-9738 or info@gtscloud.com.
