Payroll details and other sensitive personal data residing on companies’ servers today are free for all
By Kaspersky: A global cybersecurity company founded in 1997.
As the saying goes, “data is money”. Sometimes it literally is — for example, when one bumps into a spreadsheet with their colleagues’ salaries in it. In the latest Kaspersky’s survey, almost four-in-ten employees (37%) admitted to accidentally accessing confidential information about their colleagues – such as salary and bonus information.
Payroll details are just one example of the sensitive personal data that reside on companies’ servers today. If leaked in public due to a lack of security and access consideration, it can not only undermine team spirit but also lead to more drastic consequences such as possible cyberattacks, regulatory fines for data protection non-compliance and lawsuits from affected employees.
One of the factors that may lead to work files being accessed by unauthorized people is that less than half (43%) of employees periodically check and amend the access rights for shared documents or collaboration work services that they use. Whenever someone leaves the company or transits to another department within the same firm, it’s essential that they have their access annulled immediately. Otherwise, it creates risks for the organization and for the people working in it.
This is part of a bigger problem called ‘digital clutter’ which stands for the uncontrolled proliferation and sharing of working files and documents that are kept without the necessary precautions. The lack of procedures and policies in place to regulate the digital order may lead to a blurred responsibility and general indifference among employees regarding the flow of documents — inside and outside the company. According to the report, only a third of employees (29%) knows exactly what is stored in each shared document or collaboration work services they access.
The challenge of ‘digital clutter’ is especially alarming for small and medium size businesses that are prioritizing business growth while leaving security and IT management issues in the hands of non-specialist employees or, at best, outsourcing to an external IT service provider.
“In most cases, working in an office today means working with sensitive and personal data. In order to protect themselves from related risks, businesses should start paying attention to security awareness, protection and policies. Employees, from regular ones to IT specialists, need to know how to use services for file sharing, collaborative work, how to encrypt important documents and how to recognize a phishing email. There are solutions and services in the market that can help with this,” comments Maxim Frolov, Vice President of Global Sales at Kaspersky.
Training of employees and regular reminding them about basic cybersecurity rules is essential. Kaspersky Automated Security Awareness Platform provides education in the form of short engaging lessons based on real life events to train practical skills that are applicable to employees’ daily work.
For better protection of businesses’ data on any endpoint — Kaspersky Endpoint Security Cloud. The product includes file, mail and web protection to not let a malware compromise endpoint and network content — whether through phishing email or an unsecured web site. With encryption management, all employees’ devices can be encrypted remotely — information on a device is kept in safe even if it is lost or stolen.
Proper email protection is also recommended for businesses using Exchange Online inside the Microsoft Office 365 suite. Kaspersky Security for Microsoft Office 365 protects employees from spam, phishing and malicious attachments dedicated to lure credentials or deliver malicious software to the office network.
For more information about the threats of digital clutter at work read the full report “Sorting out digital clutter in business”.