Last week I read a story on the BBC website about one of the biggest data breaches to date. The article details how the personal information (names, social security numbers and credit card details) of 20 million individuals was stolen by a single IT worker.
This example just goes to prove how often the weak point in any organisation’s information security is in fact the human behind the keyboard and not the technology used to protect the organisation.
Human error is another common way in which organisations suffer a data breach. A simple mistake such as emailing a customer list or document to the wrong person, especially if it is unencrypted, counts as a data breach.
But how do we deal with this insider threat?
The answer is pretty simple really: take a balanced approach to information security, such as ISO/IEC 27001:2013, and implement the necessary controls.
Specifically, you could implement controls such as email and document classification, using software such as Boldon James Classifier to classify each file so that it receives adequate protection. Or you could implement an encryption solution such as Symantec Drive Encryption, so that if the data is stolen it cannot be accessed.
Combine people, processes and technology to maximise the security of an organisation’s information – use ISO 27001.