While almost two thirds of SMEs did report attacks through unauthorised outsiders, an almost equal number reported staff-related security breaches. In fact, 36 percent of the worst security beaches suffered by SMEs over the past year were caused by inadvertent human error – and a further 10 percent by deliberate misuse of systems by staff. These findings paint a worrisome picture – SMEs are now responsible for vast amounts of customer information, including contact details, credit card information and other Personally Identifiable Information (PPI).
While businesses are taking steps to protect themselves against external attacks from cyber criminals, many fail to secure their businesses and customers from staff-related incidents. In fact, 17 percent of small businesses admit to knowing that their staff broke the data protection regulations in the last year – up from 11 percent the previous year. It appears that those leaving a company and ex-employees pose the greatest risk, as recent research found that the number of High Court cases relating to the theft of confidential information soared by 250 percent between 2010 and 2012, with the majority of cases involving ex-employees and SMEs.
From using data to impress a future boss, to selling it on to marketing firms, or stealing intellectual property for their own business plans – employees are taking entire databases with them to use for their own benefit.
For small businesses, this trend causes a major dilemma: while they cannot risk the financial implications and loss of reputation associated with a breach, they also need to tread a fine line between monitoring employees while still giving them the freedom and trust they need to do their job well. So just how can business owners bridge the gap between security and an efficient working environment?
1. Trust is good, control is better. There is no doubt that trust plays a large part in the relationship between employer and employee. Nevertheless it is still important to vet your staff properly and carry out background checks before entrusting them with confidential data.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.