The headline might surprise some folks who are constantly bombarded by news stories about advanced hacking and phishing techniques, but the reality of many data breaches is far more mundane. People using email.
“For example, as people continue to leave their jobs — often referred to as “The Great Resignation” — they may intentionally “send data or documents to their personal account and not even fully understand how it can impact the company’s security,” “
Every time I consider the risks involved in people simply emailing information to themselves I’m reminded of the day I was on site doing some training with a corporate eDiscovery and Security team. They had managed to get a written policy that forbade employees from ever emailing any information to themselves so that they could access it offline. Company data was company data. Except one of the days I was there, HR sent out an informational sheet about emergency contact information and helpfully suggested that employees keep it handy by emailing to their personal email or family emails.
Clearly, this is the kind of mixed message that creates confusion about when it’s appropriate to share company information in an email home and when it’s not.
This survey result kind of shows us that too. A good chunk of these breaches are not someone actually trying to steal data, but just someone trying to either make something more easily accessible outside of the office or taking information when they leave related to things like contact information, maybe some documents they’ve written themselves that they want to keep, etc.
It’s likely that these folks aren’t actively trying to commit some sort of corporate espionage, they just aren’t really thinking about what they do. It might just be that the once-per-year required video just isn’t enough to make it top of mind every day.
On the other hand, there’s a not so insignificant number that is actual insider threats, so you may want to remind your IT and Security folks of that too.