Accidental Data Breaches: 3 golden rules for effective cybersecurity training

Accidental data breaches are a big and rising cost for businesses. Ponemon research shows that the majority (62%) of insider threats are caused by employee negligence or human error, with the average incident costing businesses $307,000 each time.

The rise of remote working, as a result of the pandemic, has created an even more fertile environment for accidental insiders to leak sensitive data. Outside of the corporate environment, some employees are lax about following safe data practices. For example, 1Password research recently found that more than half of all parents (51%) who work from home say their children have access to their work accounts.

In line with this, it’s no surprise that cases of data leakage soared in 2020. Imperva saw a 93% rise in the exposure of information through online data leakage, from just under 900,000 to more than 1.7 million by December of 2020.

With company reputation and thousands – if not millions – of dollars at stake, it’s critical that organizations reduce the likelihood of employees unintentionally leaking data.

Developing a threat-aware culture through training

The best way to combat negligence is through awareness. A good cybersecurity training program can drastically reduce the threat of accidental insiders. But, with so many options out there, it can be difficult to understand what to look for in a cybersecurity training program.

Below, we explore 3 must-know golden rules for effective training.

Be often

• Treating training as a yearly tick-box exercise won’t result in the behavioural changes required from employees.

• Instead, deliver training in bite-sized, digestible instalments, which are easier for employees to fit into their working day.

• Where possible, offer training on-demand, or integrate it into daily workforce applications, so that cybersecurity stays front of mind.

Be human

• Employees aren’t cybersecurity experts. Many won’t know what a phishing scam is or understand why it’s important not to move data between their personal and company devices.

• Effective training needs to speak to employees on their level and be easy to understand.

Be prepared 

• No training program is a silver bullet for accidental data leaks. Employees are only human and mistakes will inevitably happen at some point.

• Training must be backed up by adequate data protection policies – particularly for redacting sensitive data.

PolymerDLP Behavioral Approach to Better Privacy

PolymerDLP provides employee-based risk scoring based on patterns of sharing sensitive data. User nudges and warnings are designed to reinforce existing security training programs and best practices. For example:

• In synchronous chats such as Slack, existing phishing simulations are incorporated to train employees to be proactive before clicking.

• In online file storage such as Google Drive, default sharing of public links is countered by framing users into private-only shares.

Polymer protects against data loss (DLP) on modern collaboration tools like Slack, Dropbox, Zoom, GitHub and more with alerting & real-time redaction of sensitive and regulated information such as PII, PHI, financial and security data.