As the amount of data shared digitally by employees grows, so does the problem of data loss. Employees share vast amounts of data each day, some of it highly sensitive, via an assortment of digital channels, from email to Teams. Each time data is shared digitally, there’s a risk of data loss attached. This could be completely unintentional, for example, an employee sending an email to the wrong person. It could also be reckless, such as an employee intentionally bypassing security protocols when sharing data in order to get the job done. Data loss can also be the result of malicious employee behavior, where the employee has something to gain by intentionally leaking the data, perhaps to a competitor.
Data loss is a pervasive issue, with our 2021 Data Loss Prevention report revealing that 95% of organizations have experienced data loss in the last year. The biggest risk lies with sharing data on email, with 83% of organizations reporting that they’d suffered email data breaches in the last twelve months.
If data loss was a problem before the pandemic, the move to mass remote working in 2020 has only made matters worse. IT leaders agree, with our study showing that 59% reported an increase in email data loss since the pandemic began. There are a number of reasons for this. The first reason is simple: employees are sending more emails because they’re working remotely. Conversations have, by necessity, moved from face-to-face to digital. Our research revealed that this is widespread, with 85% of employees reporting sending more emails since the pandemic began. With higher email volumes comes a greater surface area for risk.
Email data loss has also risen as a result of the remote working environment. Our research found that 60% of home workers are working in environments where distractions are frequent, such as communal areas where others enter throughout the working day. It’s easy to see how frequent interruptions could increase the risk of a security incident – after all, we all make mistakes when distracted. Employees are feeling worse, too, which leads to more incidents. More than a third (34%) of employees feel more tired since they started working remotely, and 39% report feeling more stressed. Human error feeds on tiredness and stress, and a significant proportion of the remote workforce report feeling this way. Employees are feeling worse, and working in distracting environments – as a consequence, human error can thrive, and it’s no surprise that data loss is growing as a result.
The research the severity of the consequences of data loss for businesses. Organizations are already paying the price of data breaches, with 92% of organizations reporting that they’ve experienced negative consequences as a result. Almost four-in-ten (38%) of IT leaders reported experiencing client churn as a result of data loss, and 37% reported that their organization’s reputation had been damaged as a result. A growing concern is private litigation by data subjects, something which 29% of organizations have experienced. For many organizations, the impacts are already being felt.
Many organizations are considering remote, or hybrid, working as a long-term strategy, now that many employees have shown that their jobs can be done from home. Therefore, this isn’t just a problem that needs to be dealt with just for now –data loss must be a key consideration when implementing a long-term security strategy for remote workers.
So, what can IT teams do to mitigate the risk? The answer is a two-pronged approach which combines training with technology. Security training can be a useful tool in engaging employees with security protocols. By educating employees on the issue of data loss, and its potential impacts, you can reduce some of the likelihood of data loss as a result of reckless behavior, and encourage employees to be more aware of what might cause data loss, such encouraging them to double-check that they’ve included the right attachment before sending.
However, security training, while useful, is limited in its ability to prevent data loss, because human error cannot be ‘trained out’ of people. This is where technology comes in. Advanced DLP tools, which utilize machine learning, are able to prevent data loss as a result of human error in addition to reckless or malicious employee behavior.
This is possible because machine learning enables advanced DLP tools to deeply understand user behavior, recognizing what ‘normal’ behavior looks like when it comes to their use of email. Then, when the user appears to act ‘abnormally’, for example sending an email to a mistyped email address, the tool is able to recognize an increased level of risk, and prompt the user before the email can be sent. These intelligent solutions only prompt users when genuine risk is detected, rather than in response to static rules, which means that data can be kept secure without adding user friction.
By implementing machine learning technology, in addition to a robust training program, organizations can mitigate the growing risk of data loss and provide protection for sensitive data every time it’s shared. In doing so, businesses can protect their remote employees in the long-term, too. It’s vital that data loss is a consideration when implementing long-term strategies to support hybrid working – otherwise, the problem will only continue to grow.