Companies don’t have to be hacked to lose costly information. Sometimes it’s just human error.
“It doesn’t have to be an outside hacker,” said Damian Caracciolo, vice president of CBIZ Risk and Consulting Services, a national full-service property and casualty brokerage firm. “If I have records that I’m going to send to my accountant, and I accidentally send it to the wrong email address or I add somebody who wasn’t intended to receive it, it’s the same situation as a breach.”
How often does accidental sharing of business information happen?
“More than you think,” Caracciolo said. “In 2013, unintended disclosure was 30 percent of the loss. Another 13 percent of lost information happens on a portable device.”
That can occur when an employee’s personal phone is lost or stolen.
“That’s one more place where you can have a security gap,” said Tim Blakley, CEO of Invision computer consultancy in Kansas City. “Everybody has their email on their own phone, and if somebody loses their phone and it doesn’t have a four-digit PIN on it, then whoever picks up that phone can have access to that particular employee’s business email.”
But all is not necessarily lost: Invision can get into a business client’s email system and send a signal to a missing phone that disables access to it.
“But you have to have the policies in place so that your employees will report their own personal phone being lost or stolen,” Blakley said. “And if you’re going to give employees access to company email on their personal phones, you have to enforce a PIN on their phone. That’s not very common yet, but I expect to see more of that in the future.”