As a business owner, you would not hire a new employee and send them out to represent your business (whether on the floor, on the phone, or in the field) without training them on the proper procedures of your business, would you?

So, why would any business give employees access to sensitive information the businesses is liable for protecting, without first providing the employee with the appropriate training on how to handle such sensitive information?

Businesses, corporations and institutions across the US are discovering the biggest threat to sensitive information, in many cases, are the individuals entrusted to handling it and the rest of the employees working with open access to it.

Sensitive information has become a "need to know" or need to handle practice. TRAIN your employees on sensitive information & please LOCK IT UP!

From DailyTech

A report published by the Identity Theft Resource Center (ITRC) estimates more than 35 million data records were illegally accessed during 2008.  The ITRC also believes the number of reported data breaches occurring in the United States increased almost 50 percent, and the number could be higher...

Insider theft also doubled to account for almost 16 percent of the data breaches, with a third of the breaches caused by stolen laptops.

Along with theft or loss of laptops, hacking, accidental disclosure, employees improperly handling data, and issues with subcontractors also led to data theft.  To help try and reduce the amount of employee theft and negligence, many companies are beginning to crack down on the activities of their employees.

The Washington Post reported:

The center (ITRC) also found that the percentage of breaches attributed to data theft from current and former employees more than doubled from 7 percent in 2007 to nearly 16 percent in 2008...

Amir Orad, chief marketing officer for Actimize, a fraud prevention company in New York, said he has seen increased interest from an array of organizations, particularly banks, looking for technology to help them detect the potential threat from employees.

"We recently had a mid-sized institution in the U.S. that wanted to do a test of technology to help them monitor employee activities, and that ended up with two employees being arrested. That's the type of outcome we did not see two years ago," Orad said.

Does this mean that all employees are up to no good? NO. Does this mean you have to install spyware on your employees? Not really. Many times information is lost or mishandled because of lack of knowledge. If your employees do not know the risks of handling such sensitive information or understand their role in protecting the information they handle, then you are going to experience negligence only due to ignorance. Compliance laws now mandate the training and even mandate businesses have written policies on sensitive information.

Full ITRC report

By Stacey Jimenez at 7:03:35  Comments: 0