Technology allows businesses around the world to easily communicate and access data, increasing both business opportunities and worker productivity. However, this same technology also makes corporate data more vulnerable to theft and harder to protect. Lost or stolen data has significant financial repercussions; misplaced devices or server crashes are estimated to cost the average business $586,000 a year. Data theft was recently estimated to cost companies $250 billion a year, according to the National Crime Prevention Council.
Intellectual property — customer lists, a secret recipe, proprietary product blueprints, financial data, merger and acquisition plans, etc. — faces a variety of threats as more businesses and employees take advantage of wireless and portable devices.
Here are seven of the most common issues that lead to corporate data loss or theft. By implementing information security procedures and employee training, organizations can mitigate data theft risks and better protect trade secrets and other confidential information.
Using Unauthorized Applications
The use of unauthorized applications — e.g., personal email, online banking and online shopping — on business networks puts both sensitive corporate data and employees’ personal information at risk. These unauthorized applications are often unmonitored, don’t follow corporate security standards and increase the risk of the corporate network being infected by malicious sites.
Misusing Corporate Computers
Employees often knowingly use corporate computers in ways that undermine IT security policies. Altering security settings to download music, shopping or paying bills online, or even engaging in online gambling and pornography threatens corporate security and profitability. Sharing information or work devices with non-employees — friends, family or even strangers — is another big threat to data security.
Disregarding Password and Login/Logout Procedures
A password is the most basic computer-security measure and also the most commonly disregarded. Many employees leave their work area while their computers are logged on and unlocked, or store system login information and passwords on or nearby their computer.
Piggybacking and Tailgating
Leaving devices unlocked or passwords exposed makes them susceptible to unauthorized individuals who can access the physical worksite by following employees — or "tailgating" — into the building. Piggybacking occurs when employees give non-employees the freedom to move around corporate facilities unsupervised. Piggybacking and tailgating can be done physically and electronically.
Remote Worker Security
Mobile employees using portable devices increase the potential for data loss in a variety of ways:
Transferring files from a work device to an unprotected home computer or personal device.
Using personal communications that don't meet corporate IT security standards.
Discussing sensitive company matters where others can hear the conversation.
Failing to use a laptop privacy guard when working remotely in a public place.
Failing to properly safeguard mobile devices against loss or theft.
Using hotel or other public "hot spots" where potential cybercriminals can steal information or establish a rogue network to steal information.
Sometimes employees' attitudes about intellectual property are at odds with company policies. Often employees are simply unaware that it is wrong to take information with them when leaving a job. Others believe they have some ownership of intellectual property they helped create. Finally, there is always the possibility of rogue employees transferring business information to their own devices and handing it over to a competitor or subsequent employer.
Foreign Subsidiaries/Business Partners
Companies need to be especially careful when doing business in certain countries — for example, China — where digital security is lax and/or they may lose the legal protections guaranteed by U.S. law.
Clearly, there is a variety of ways in which data can be lost or stolen in today's electronic business environment. Intellectual property lost to economic espionage or data breaches can damage a company's reputation, undermine its brand, jeopardize its competitive edge, reduce customer confidence and result in regulatory fines. This makes it imperative for organizations to implement security policies, train employees about the risk of data loss and foster a security-conscious culture in which employees adhere to policies and procedures.