Would it shock you to learn that the average employee has access to around 10.8m files? How about if we told you that at larger corporations the average employee can access around 20m files? These are not figures for people higher up the chain of command; these are average, everyday workers.
According to recent research by Varonis, 64% of financial institutions have over 1000 files containing sensitive information that are open to every employee. Implementing the transition to remote working and locking down exposed data to mitigate the risk associated with remote logins rank highest among the security measures for IT teams within financial services.
However, making this transition without proper security procedures in place has increased the risk of intruders carrying out malware and ransomware attacks, and has exposed companies to potential non-compliance with regulations such as SOX, GDPR and PCI.
Identifying the Problems and Steps
One of the foundational security steps is restricting access to sensitive data, yet many organizations have been found not to have taken it.
Within the larger financial service organizations, the number of open folders that workers can access is around 1.3 million. The volume drops with the size of the organization, with medium organizations averaging around 778,045 files and small firms just over 101,717.
Financial institutions may not be taking these security measures because the steps needed to apply the restriction can seem daunting. Companies first have to classify all data within the business and determine priority relative to risk, then ensure that user identities are limited and organized. Crucially, this leads to the next step: putting controls in place that limit access to, and manipulation of, high-priority data by certain users.
Putting these steps in place solves the theft and mishandling of data and has a positive effect on efficiency and security at other levels of the business.
Why Are Companies Not Complying?
Unfortunately, it comes as no surprise that many institutions have not implemented the required security measures throughout 2020, as we experience the biggest shift in data breaches of any year ever recorded.
As with many elements of human behaviour, implementing security tends to be a reactive measure, taken after an event that must never happen again, and mostly after great losses have been experienced. With content-sensitive workplaces all but holding up a placard of vulnerability by granting so much free access to employees who do not require it, time is not on their side, and a data breach will most likely occur.
To streamline access to networks, safeguard sensitive files and act on vulnerable points within their network, business owners and their IT departments should be developing criteria for employee onboarding regarding access to their network.
For more information on how to protect data online and the latest news and events happening to combat these areas, contact the team at Whitehall Media and join our events.