Three steps to help your colleagues prevent data leaks

Human errors are by far the most important cause for data leaks. According to information security
specialist Daan Koot these errors are caused by both employees and employers. How can
organisation limit the amount of human error with sensitive information?


There is most likely no CISO in Europe that is not thinking daily about the results of the GDPR
(General Data Protection Regulation). Recently, I had a talk with Daan Koot of SafeHarbour, who in
his function of adviser privacy and information security (CIPM Certified CISO) encounters the impact
of this new legislation on a daily basis. One of his tasks is to audit the measures organisations take to
prevent data leaks.


In the meantime many organisations understand that their own employees play a crucial part in
causing and preventing data leaks. Most of the times ignorance about the sensitivity of the
information and the vulnerability of the channels through which the information is being shared
causes errors. According to Koot, employers themselves can also do more to prevent data leaks. In
this article we will discuss three things employers can do according to Koot that will prevent data
leaks.


1. Encourage data awareness


Organisations are performing insufficiently in creating data awareness amongst their employees.
Koot advises clients often to classify all available information within the organisation. For this he uses
three criteria: availability, integrity and confidentiality. How sensitive is the information? How
important is the information? And what are the consequences for the user and organisation if the
information is not available on time? Following this process, organisations and their employees get a
clear insight in the different data streams within their organisation and the necessity to properly
secure these.


2. Avoid fake solutions


Organisations tend to introduce ‘paper solutions’ on a regular basis, however these solutions often
have no practical use in preventing data leaks. As an example Koot mentions the obligation of
companies to come up with a new password every month or user agreements that have to prevent
employees in using their BYOD phones and tablets in an unsafe way. These new passwords are often
almost similar to the previous password leaving no struggle for hackers trying to bypass this layer of
security. User agreements are often very large pieces of judicial text that most employees barely
read, let alone understand. These kind of fake solutions result in a misplaced sense of security.


3. Look for the balance between safety and user friendliness


Organisation that are strengthening their data security can go too far. If increased safety measures
have too much impact on the work of your colleagues, they will start looking for ways to avoid them.
The challenge is to strike a balance between safety and user friendliness. The ideal solution will not
only allow employees to work safer, but will also add to their awareness. One of the ways to do this
is to warn them when they are taking a possible safety risk. This way you will prevent data leaks and
are making sure that the approach is carried throughout your company.


Checklist GDPR


We have described all the necessary steps you have to take in order to meet the GDPR legislation in
our checklist. This document elaborates on things like creating a processors agreement, getting
permission for processing personal information and security measures that have to be taken.

Go to the GDPR Checklist

RELATED
shutterstock_395578309-2

Human error while emailing might be disastrous for your organization - Prevention is much simpler than you think!

  If hackers and cybercriminals are your biggest concern when it comes to cybersecurity, it might be time to look somewhere else for the cause of the vast majority of data leaks. It is well documented that the actual offender is that lovely and well-intended colleague sitting right next to you, and not a malicious individual in North Korea like the media often […]

Read more
shutterstock_395578309-2

Human error while emailing might be disastrous for your organization - Prevention is much simpler than you think!

  If hackers and cybercriminals are your biggest concern when it comes to cybersecurity, it might be time to look somewhere else for the cause of the vast majority of data leaks. It is well documented that the actual offender is that lovely and well-intended colleague sitting right next to you, and not a malicious individual in North Korea like the media often […]

Read more
Sending_or_receiving_credit_card_data_via_email_while staying_PCI_compliant

Sending or receiving credit card data via email while staying PCI compliant

To prevent cardholders’ information from falling into the wrong hands, the Payment Card Industry Data Security Standard (PCI DSS) was established to hold organizations to a common standard for securing cardholder information against unauthorized exposure and exploitation. […]

Read more
We_are_happy_to_introduc _ou _new_VP_of_sales_Chris_Brown_ZIVVER_eng_blog_update

We are happy to introduce our new VP of Global Sales: Chris Brown

"ZIVVER is entering new markets at high speed. We intend to lead in those markets. With Chris, we bring in a senior leader who has done this before multiple times. We love that he is not ‘just’ about sales. Chris has a deep, hands-on understanding of the problems our customers face and of the market space and a very inspirational and credible leader for our fast […]

Read more
We_are_happy_to_introduc _ou _new_VP_of_sales_Chris_Brown_ZIVVER_eng_blog_update

We are happy to introduce our new VP of Global Sales: Chris Brown

"ZIVVER is entering new markets at high speed. We intend to lead in those markets. With Chris, we bring in a senior leader who has done this before multiple times. We love that he is not ‘just’ about sales. Chris has a deep, hands-on understanding of the problems our customers face and of the market space and a very inspirational and credible leader for our fast […]

Read more
Cloud_based_office_support tools_that_are_U.S._rooted_fail GDPR_complianc_ZIVVER_Eng_blog

Cloud-based office support tools that are U.S. rooted, fail GDPR compliance

It is estimated that the U.S.A. supplies 80% of the global cloud computing services. And nearly all most-used cloud-based solutions for email and word processing are from the US. This causes a big issue for European companies using these vendors since they are not GDPR compliant. This is the conclusion of a research performed by the Swedish National Public Procurement […]

Read more