When we think of data breaches, we typically think of external hackers stealing personally identifiable information (PII), often with the intent of gaining access to bank accounts, medical records or insurance funds. Yet, this stereotype doesn’t represent the full scope of data breach scenarios. There is another source of data theft that is often overlooked—employees.
Forty-three percent of data breaches occur at the hands of someone within the company. While some of these incidents are the result of human error, others are not so innocent. But regardless of the intent behind them, these data breaches carry serious consequences for brands including costly legal reparations and long-lasting brand damage.
The threat is increasing as companies capture and use more customer data for digital customer engagement. Customer data is the most vulnerable type of information because it holds high value for attackers. In fact, 57 percent of cybersecurity professionals ranked customer data as the number one target. The proliferation of customer data combined with an increasing number of channels and apps that use this information means there are potentially more opportunities for someone to steal and use it for fraudulent purposes.
One way companies can reduce the risk of insider-caused data breaches is by going beyond access management with policy-based data access governance. Identity data access management only goes as far as controlling who or what applications can access customer data. While this is important, policy-based governance adds another level of control and security. It controls what data leaves the organization and precisely defines who or what applications can use the data. This is critical to being able to securely share customer data with all of your apps, and it is also useful in preventing accidental or nefarious data sharing by employees or partners.
Policy-based governance enables you to define the types of data an employee can access based on administrative roles. A customer service representative may only need to see a customer’s order history, but not their financial data, for example. Limiting the type of data an employee can access can greatly reduce the ability for a former employee to expose or steal PII. Plus, it can help your organization demonstrate that it is enforcing security and privacy regulatory policies.
Ex-employees can pose another threat to data security. Thirty-nine percent of large businesses admit to taking as long as four weeks to close out a former worker’s account, and 49 percent of people have admitted accessing workplace digital resources after they have left a company. Ex-employees retaining data access is problematic on many levels, but particularly in cases where a terminated worker is disgruntled and seeking retaliation.
Another key way to protect data from unhappy ex-employees is to revoke all access to data as quickly as possible. With the right customer identity management solution, IT teams can easily revoke a former employee’s data access. It can also help teams limit current employee access to data and define exactly how that data can be used.
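The role-based limits and the prompt revocation described above can be expressed as one deny-by-default check plus a log review. The following is an added example, not code from the article or from any product: the role names, attribute names, directory and log entries are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Hypothetical policy: attributes of a customer record each role may receive.
# Roles and attributes not listed get nothing (deny by default).
POLICY = {
    "customer_service": {"customer_id", "name", "order_history"},
    "billing": {"customer_id", "name", "card_last4", "billing_address"},
}

@dataclass
class Employee:
    username: str
    role: str
    terminated_at: Optional[datetime] = None  # set when the account is closed out

def is_active(emp, at):
    return emp.terminated_at is None or at < emp.terminated_at

def release(emp, record, at):
    """Return (view, withheld): the attributes policy lets emp see at time `at`."""
    allowed = POLICY.get(emp.role, set()) if is_active(emp, at) else set()
    view = {k: v for k, v in record.items() if k in allowed}
    return view, sorted(set(record) - allowed)

def post_termination_access(access_log, directory):
    """Flag log entries made by an unknown account or after termination."""
    hits = []
    for when, username, resource in access_log:
        emp = directory.get(username)
        if emp is None or not is_active(emp, when):
            hits.append((when, username, resource))
    return hits

# Constructed sample data (not from the article).
UTC = timezone.utc
RECORD = {"customer_id": 1001, "name": "A. Customer", "order_history": ["#5521"],
          "card_last4": "4242", "billing_address": "1 Example St"}
DIRECTORY = {
    "rep1": Employee("rep1", "customer_service"),
    "rep2": Employee("rep2", "customer_service", datetime(2024, 3, 1, tzinfo=UTC)),
}
ACCESS_LOG = [
    (datetime(2024, 3, 10, 9, 0, tzinfo=UTC), "rep1", "customer/1001"),
    (datetime(2024, 3, 10, 9, 5, tzinfo=UTC), "rep2", "customer/1001"),
]

if __name__ == "__main__":
    now = datetime(2024, 3, 10, 12, 0, tzinfo=UTC)
    for name, emp in DIRECTORY.items():
        print(name, release(emp, RECORD, now))
    print(post_termination_access(ACCESS_LOG, DIRECTORY))
```

The withheld list is returned alongside the view so that each release decision can be written to an audit trail.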
This article was written by Michael Tarbet from Business2Community and was legally licensed through the NewsCred publisher network.