Human Error Caused 93% of Data Breaches

Despite tremendously increased attention, the number of reported cyberbreach incidents escalated rapidly in 2014. According to Information Commissioner’s Office data collected by Egress Software Technologies, U.K. businesses saw substantially more breaches last year, with industry-wide increases of 101% in healthcare, 200% in insurance, 44% among financial advisers, 200% among lenders, 56% in education and 143% in general business. As a result, these industries also saw notable increases in fines for data protection violations.

The role of employees was equally alarming. “Only 7% of breaches for the period occurred as a result of technical failings,” Egress reported. “The remaining 93% were down to human error, poor processes and systems in place, and lack of care when handling data.”

Check out more of the findings from Egress’ review in the infographic below:

Infographic: Human error causes alarming rise in data breaches

33% of Employees Fail to Meet Minimum Security Standards for BYOD

Bring Your Own Devices

By 2017, half of employers will require employees to provide their own mobile devices for work use, Gartner reports. There are many benefits to BYOD policies, from greater productivity on devices users are more comfortable with to lower corporate costs when businesses do not have to purchase mobile equipment or service plans. But these devices are difficult to secure, and they pose tremendous risk that may not be worth the reward. According to data security firm Bitdefender, 33% of U.S. employees who use their own devices for work do not meet minimum security standards for protecting company data. In fact, 40% do not even activate the most basic layer of protection: lock-screen features. Further, while the majority of workers could access their employer’s secure network connection, only half do so.

Bitdefender reports that there are 5 core security functionalities a strong BYOD policy should check:

  • Data encryption, for data residing on the employee’s device and for data transiting different channels.
  • Application access control, using port knocking, whitelists and intrusion prevention systems, for enterprise apps communicating with company servers.
  • Mobile malware detection and removal, to ensure clean devices enter the company and to keep them malware-free throughout their use.
  • Real-time app and website scanning, to make sure the device does not get infected by malicious apps or websites when the employee wants to download/access them.
  • App permission management, to allow employees to see exactly what types of information an application requires permission to access and share with the application vendor.

Check out more of the study’s findings below:

Bitdefender BYOD infographic

Data Privacy in an Online World

As social and business networking sites have taken off, data privacy has become increasingly vulnerable. How can companies protect themselves while still taking advantage of what these new tools have to offer? In his latest online column, Joshua Gold of Anderson Kill & Olick examines the insurance and risk management measures that can prevent or mitigate unauthorized data access online.

Many forms of liability insurance protect against invasion of privacy claims. Should a policyholder be confronted by such a claim, umbrella insurance, general liability insurance, errors and omissions policies and other stand-alone specialty insurance policies should be checked for potential coverage. More proactively, if an insurance portfolio review reveals that those provisions have been written out of the business’s portfolio of insurance, the broker should be enlisted to get those increasingly important coverages back in.

For more, read the entire article, only on