If anyone knows the danger in an increase in lost and stolen company data, it’s Finance pros. The worst part: The problem often lies with your own people, not cybercriminals.
According to a joint report by Ponemon and Varonis, "Closing Security Gaps to Protect Corporate Data: A Study of US and European Organizations," three-quarters (76%) of companies have had data lost or stolen over the past two years.
But “stolen” wasn’t the primary reason. In fact, 50% of lost data was due to negligent insiders. And 13% was the result of malicious insider attacks. Less than a quarter (22%) of data loss was from hackers.
Yet insiders weren’t the primary concern for most organizations.
The most common concern for most companies was still outside hacking attacks, at 58%. That was closely followed by negligent insiders (55%).
That’s not exactly illogical. The damage from an outside attack is likely to be significant and long-lasting. Still, this highlights the oft-overlooked problem of users having too much access to data they really don’t need.
According to the Varonis survey, 62% of users said they had access to data they probably shouldn’t see. And nearly a quarter of IT pros (24%) said they never review the list of individuals who have access to “file shares and other collaborative data sources.”
If that information were escaping, IT probably wouldn’t know about it. Nearly half (38%) said they don’t monitor email or file activity.
Restrict access, delete files
You can’t lose what you never had to begin with.
With that in mind, your IT folks should consider doing more to restrict access to only those users who actually need it. And they should periodically review who has access, too. That goes doubly for any users who may have left the company or been transferred out of a role where they would need it.
And if you’re holding on to too much data, it could be time for some belated spring cleaning. The longer this sensitive data resides on premises, the bigger the risk of it being used by or sold to an outside party.