Recent statistics have proven that 63% of Australian organisations had experienced a cybersecurity breach or other incident in 2015, and more than half of these were deemed ‘serious’. Expansive breaches, for instance those experienced by Kmart and David Jones, and those which attract significant media attention such as those at Aussie Farmers Direct and Queensland TAFE, have had a detrimental effect on consumer confidence in Australia’s data security.
Suggested amendment to the governmental data breach notification bill, as well as the potential loss of consumer trust and expenses associated with these breaches, is prompting Australian companies to refine their data security measures. In an article I recently contributed to CSO Online, titled A Data Breach Post Mortem: The Dos and Don’ts, I discussed why it is so essential – both for breach prevention and response – to build a data-led security programme.
When a data breach occurs, many companies feel compelled to point the finger straight at employees and their data usage. Positioning data as the ‘villain’ of the story is seldom an effective solution, and will more often than not result in reduced employee morale and productivity, and constricted business agility. A didactic system will produce discontented employees with little reason to adhere to such restrictive policies. While vigilance with data security is important, data is not to blame.
The most appropriate remedy would be a data-led method, which supplies employees with the necessary training and tools to adopt mobile and flexible working arrangements. This would gain the support of the entire company. The ways in which you manage data security risks changes:
- Lay down a clear and explicit policy on the devices and data practices that are acceptable – it is important that employees understand when and how they have breached policy.
- Make education and training a priority in order to cover the most common causes of data breaches: the human element. The majority of Insider Threat aspects are non-malicious, so offering full training is pivotal to preventing data breach.
- Apply technology as an extra layer of security for your key data: this will keep you informed on where it is and when it is at risk at all times. This will also protect your key data by wiping the data or disabling the device it is on from a remote location.
Here at Absolute, our uncontested endpoint data security solution assists with the safeguarding of your endpoints and the confidential data they contain, by monitoring and using automated alerts, regardless of user or location. Our Persistence technology is built into the core of more than one billion endpoints. Once Persistence has been activated, it offers universal visibility into your fleet of devices, allowing you to oversee mobility and explore potential threats with confidence, and take measures should an incident occur. Ours is the only technology on the market which can offer these assurances.