Introduction
Nowadays, “data breaches are increasing in volume and scope” (Holtfreter and Harrington 1). Cybercriminals become able to steal billions from organizations and compromise private information. The major factors that define the thriving of cyber ganging are the insufficient level of employees’ competence, the lack of knowledge about the technical side of information protection, and non-compliance with safety standards.
Main text
Researchers usually distinguish three major groups of data breaches according to their causal factors: internal, external, and non-traceable (Holtfreter and Harrington 3). The number of internal factors of data breaches is the biggest. This category includes improper protection of data, theft, or hacking by employees with a high or a low probability of fraudulent intent, and unintentional loss of data.
The external factors include theft, hacking, or loss by the individuals who are not related to the organization. Non-employees, third parties, and hackers are responsible for most of the compromised records (over 70%), and the higher amount of data breaches. But although the number of compromised data cases happen due to the external factors more often (47% comparing to 38% of data breaches caused by the internal factors), employees’ actions and misconduct have greater significance in this regard and are associated with far more important implications for organizations than the actions performed by the third parties.
The mentioned internal casual factors indicate the lack of employees’ competence, the inefficiency of HR practices, the underdevelopment of corporate culture that enforces ineffective safety policies, or fails to ensure information sharing among all team members.
It is observed that many data breaches occur because organizations use inefficient and outdated data encryption standards. At the same time, the implementation of the improved versions of standards, e.g. 128-bit Advanced Encrypted Standard, may impede breaking key codes and minimize the risks of identity theft (Holtfreter and Harrington 3). It is possible to say that all external factors of any data breach case are, to some extent, interrelated with the internal factors.
For example, theft or loss of data by the third party is often induced by an improper exposal or disposal of information, i.e. employees’ inattentiveness or lack of knowledge (Holtfreter and Harrington 4). A data breach can happen accidentally, unintentionally, because an employee did not pay a lot of attention to security measures and did not consider potential risks of a data carrier stealing and loss. Thus, an individual employee may actually be regarded as the weakest link in data protection management. However, organizations can and should undertake measures to reduce potential security risks.
As it is observed by Holtfreter and Harrington, hackers are more skilled at what they do and often can access organizational networks without significant difficulties. However, a great number of both internal and external factors associated with employee involvement in data breach occurrence represent serious threats to corporate welfare, as well as personal data and identities of all related companies’ stakeholders.
Conclusion
First of all, leaders need to encourage proper data disposal by developing an adequate safety culture and educating employees. Moreover, they should prevent unauthorized intrusion through the adoption of more strict regulatory measures and implementation of advanced security technology. In this way, it may become possible to maintain the desired professional behavior and significantly reduce risks of data breaches or compromised records.
Works Cited
Holtfreter, Robert, and Adrian Harrington. “Employees Are the Weakest Links, Part 1: Data Breaches and Untrained Workers.” Fraud Magazine. 2016. Web.