Does your company have a clear document security policy in place that employees can understand and easily utilize?
While many firms focus their efforts on keeping hackers away from sensitive information, the truth is, most data breaches are internal in nature. Some are deliberate, but many are accidental.
Employees may share information across departments or with business partners, not realizing the data was confidential until it's too late.
Often, internal information leaks occur because security policies are ambiguous or difficult to use. They may be little more than a chapter in the employee handbook (when was the last time anyone read that?) or even a simple verbal notification that information is confidential.
Perhaps your document security system is a little more sophisticated than that, but there's no foolproof (i.e. automatic) system of marking documents to make sure they aren't accessible to unauthorized personnel. A system that's too complicated won't get used, but one that's overly simplified doesn't send a strong enough message and can be easily bypassed.
Employers need to implement a clear method of marking and protecting sensitive information. Not doing so puts the entire organization at risk, and the burden of proof lies with the employer. Employers must be able to present a clear case that the employee knew the data was confidential—or be prepared to take the blame if the worst happens.
Come and visit our blog at http://www.aesalaska.com/blog