Technology

Data Security: The Greatest Threat Is Internal

A PC World article discusses a new study by Forrester that reveals that internal threats are the "leading cause" of data breaches. The survey involved companies in Canada, France, Germany, the UK, and the US. The study revealed that 36% of breaches involve "inadvertent misuse of data by employees."

According to the article, the study also indicated that "only 42 percent of the North American and European small and midsize business workforce surveyed had received training on how to remain secure at work, while only 57 percent say that they're even aware of their organization's current security policies." The article quotes Heidi Shey, the study's author, who says: "People don't know what they don't know. You've got to give them some kind of guidance and guard rails to work with."

I couldn't agree more. Data breaches are often not the result of technical deficiencies but of the human element. A person can so readily click on the wrong thing, place data in the wrong place, fail to properly dispose of data, improperly access data, or fall for a social engineering trick. All it takes is for one member of the workforce to slip up, and . . . bam . . . there's a data breach.

Data security is only partly technical -- it's a human behavior issue, and that's why education and awareness are so important.

Daniel J. Solove is the John Marshall Harlan Research Professor of Law at George Washington University Law School, the founder of TeachPrivacy, a privacy/data security training company, and a Senior Policy Advisor at Hogan Lovells.