“Wetware” – coder slang for biological life forms (i.e., people) – is the weak link in most companies’ data security protections, according to a new data security report issued by the Association of Corporate Counsel (ACC). Companies surveyed attributed data breaches to a host of human foibles, including lost laptops or devices (9%), “phishing” emails that induce employees to click on malicious links or open infected documents (12%) or simple “employee error” (24%). A distressing 15% were classified as inside jobs.
The full report can be obtained from the ACC.
The ACC report highlights the paramount importance of employee training to a company’s data security program. The strongest and most assiduously updated firewalls and malware detection systems cannot stay ahead of every newly-crafted piece of malicious code. Training employees in best practices with respect to email and data handling provide an additional bulwark against threats that data security technology simply cannot root out. It's no accident that the mantra of most data security professionals is "People, Process, Technology" - in that order.
Watch out for your weakest link!