As companies continue on the fast track to digitalisation, many job roles rely heavily on technology in their daily tasks.
For instance, employees' data (salaries, personal details, etc) that once used to be written in thick stacks of log books kept for years are now stored on digital drives and databases. A quick keyword search can pull up all the information you need. More importantly, the use of online shared drives and collaboration applications means information can be accessed anytime, anywhere on any digital device.
While this is being welcomed for the convenience it brings about, many are unaware of the underlying threats that come with it, as shared in a recent research commissioned by Kaspersky Lab, which surveyed 7,000 employed adults from December 2018 to January 2019 across the Malaysia, the UK, US, France, Spain, Germany, Italy, Brazil, China, Mexico, Japan, South Africa, Russia and Turkey who work in an office and use computers.
Titled: 'Sorting out digital clutter in business', the research found that easy access to digital files could allow former employees to use the data for their own purposes. For instance, they may accidentally edit, delete or damage a document shared with others in the organisation, or even use this information in their new workplace.
Even worse, if an employee has left the organisation on a bad note, there is a chance they may tamper with the data or release the data online. This not just requires time and effort to recover data lost, but also poses a security threat to intellectual property involved.
In fact, the following statistics were highlighted in the research:
- 37% of people have accidentally accessed confidential information of their colleagues, such as salaries or bonuses at work.
- 33% of people claim to have access to files from a previous workplace.
- 80% of people don't think they are responsible for ensuring documents such as emails, files and documents have the appropriate access controls or limits.
- 72% of employees store documents at work that contain personally identifiable information or sensitive data.
For one, HR can organise training sessions to educate employees on the seriousness of such situations, and how to better organise or take charge of their data as preventive measures.
Further, encourage employees to make backups of important information, and HR should also have confidential information backed up in a safe folder to ensure no unnecessary access is granted. It will be good to engage a reliable cybersecurity solution provider for extra measures in protecting confidential employee data.
Lastly, make it a point to check that former employees no longer have access to shared documents or work email accounts.