You Might Be Giving Your Employees Access to Private Data They Shouldn't See
When you're trying to juggle a million things at once to operate your small business, you're obviously going to have to delegate some responsibility to your workers. That often includes access to sensitive information. But did you know that even your most trustworthy workers might end up putting you at risk for a data breach as a result?
Look, the simple fact is this that people are curious. Curious about all kinds of things. That might include how much the company makes, how old a coworker is, and so on. And that means if they're given access to such information, they're at least a little likely to take a quick peek. That would be all well and good, but it's a violation of privacy and poses a rather significant data breach risk for your company, and the fallout from that kind of incident can end up costing you hundreds of thousands of dollars.
A recent study from the security firm BeyondTrust found that more than one in four employees who had some sort of security access used that information to look at financial reports, salary data, and personnel documents for their companies even when it had nothing to do with their jobs. Furthermore, 44 percent of those polled said they have access to such information that wasn't relevant to their duties.
And at that point, you say, "Okay, well I'll just put more controls in place to make sure they can't see that stuff." Here's the problem with that: nearly two out of every three companies, large or small, already do that, the report said. While 65 percent of businesses have controls to monitor access, more than half of all workers say that they're able to circumvent those measures. That, obviously, is a whole different problem, and it's only likely to get worse; more than 75 percent of those polled said that the risk of this becoming a problem for their companies is going to rise over the next couple of years at least.
So what can you do? The first step you might be able to take involves being more careful about who gets access to what. Maybe giving access to sensitive data on an as-needed basis might be a good way to go, but so too can educating workers about the dangers that these actions can pose. There's no way to fully insulate yourself from such risk - again, it's human nature - but doing all you can is vital here.