Human error puts companies at biggest risk of data breach

Data breaches are far more likely to be caused by an employee sending an email to the wrong person than by a malicious outsider, leaving companies focusing on the wrong area.


DocsCorp advertorial

Fear of suffering a data breach is now one of the top issues that keep board directors awake at night. High-profile cyberattacks on major brands, such as British Airways, Tesco and TalkTalk, have not only come at a significant financial cost, but also caused great reputational damage.

As a result, investment in the best cybersecurity solutions to prevent such attacks will exceed $1 trillion by 2021, according to analyst firm Gartner.

The last couple of years have seen the number of data security incidents reported to the UK Information Commissioner’s Office (ICO) increase by 75 per cent as companies were getting their house in order for the European Union’s General Data Protection Regulation (GDPR).

Yet a huge 88 per cent of them were not the result of deliberate cyber incidents, but rather simple human error. More than a third were security incidents relating to data being emailed, posted or faxed to an incorrect recipient by mistake.

“Malicious cyberattacks are certainly an important area, but the biggest risk is actually within organisations and it is worryingly overlooked,” says Dean Sappey, president and co-founder of DocsCorp, a software firm for document professionals.

“Organisations have a huge amount of document-based information in the likes of Microsoft Word, Excel and PDFs, and information is commonly being sent out to customers, partners and so on. That’s where it’s far easier for information to be sent to the wrong people, not from any sort of fraudulent activity, just accidentally sending it to the wrong person.

“We’ve all done it; put in the wrong email address and the moment you hit send it’s too late. You can send another email asking the person not to read it, but that’s almost guaranteed to have the opposite effect. We work with thousands of law firms, accountants, corporations and government departments that communicate a lot via email and the chances of sending to the wrong person are huge. How do we make that process more reliable and accurate?”

The issue is not only preventing employees from sending emails to the wrong person, but also removing hidden metadata in documents. Tracked changes in Microsoft Word documents commonly remain in the file even when they are not visible on screen.

Famously, this landed Tony Blair’s government in trouble when a review of the metadata in the Iraq War dossier revealed that much of the content had come from a US researcher and was not in fact new information.

A geotagged location is another piece of data that people are often unaware is hidden in a digital photograph they send to others, showing the exact place where it was taken.

DocsCorp’s software integrates with some systems to check automatically whether the person being emailed is allowed to receive that message or document, based on the sender’s role within the organisation. The software can also inspect all the metadata inside documents, and it lets companies set policies that always remove, for example, track changes and geotagging information before a document is sent.

“It’s not difficult to implement; it just takes the willingness of the organisation to ensure this massive area of potential leaks is covered,” says Sappey. “Rapid developments in technology mean it is constantly getting easier and easier to press one button and suddenly lots of information is collated and sent out. The introduction of the GDPR makes something that was previously just embarrassing for a company now significantly damaging financially.

“The cost of implementing a solution to eliminate the issues of human error and hidden metadata is a small fraction of what you spend on a copy of Microsoft Word or Windows, and entirely minuscule compared to what you face if you suffer a data breach and are fined by the ICO.”

For more information please visit docscorp.com