In fact, of the 1,255 total data breaches recorded by the Identity Theft Resource Center in 2018, 150 of were because of the mismanagement of information by employees tasked with protecting it. That means 12% of the data breaches were the direct result of mistakes in handling sensitive information, leading to 1,131,288 records exposed and potentially costly consequences for the companies involved.
April is Records and Information Management Month, and while it might not conjure up holiday-themed festive images the same way Christmas does, it is a great reminder that your information and your identity are only as safe as the people who have their hands on it.
What does it mean to mishandle information? There are numerous ways that information can accidentally fall into the wrong hands. It may be losing a flash drive or laptop with customer records on it, the theft of company hardware like laptops or even servers, reusing a weak password that lets hackers easily break into a system or failing to password protect a database of records in the first place. In other cases, the exposure resulted from improper disposal of sensitive information, such as throwing paper records in an unsecured garbage dumpster instead of shredding. In many cases, employees may fall for phishing attempts or respond to requests that appear to come from someone within the company but are actually sent by malicious imposters.
In order to protect all of the sensitive information that businesses gather and store, it is important to understand how to secure it and what can happen if it is compromised. It often starts with a solid company-wide computer use policy that outlines exactly how things like password security, email responses and data access are supposed to be enforced. Helping every employee understand the ramifications of mishandling information is important, too. Finally, a good “delete” housekeeping from time to time to permanently destroy any outdated stored records can thwart a lot of security problems before they arise.
Read next: TurboTax Breach Cause By Credential Stuffing