NAIROBI, Kenya, Feb 23 – East African businesses have been advised to formulate governance structures that protect their data from internal attacks, after a survey revealed that employees pose the greatest risk to an organisation’s data and information security.
The survey conducted by International Audit and Consulting firm Deloitte and Touche shows that human errors (intentional or not), account for 80 percent of the amount of information leaked or shared outside an organisation.
Commenting on the findings, Deloitte’s Director for Technology Advisory Services Muchemi Wambugu said the rising number of social networks such as Twitter, Facebook and MySpace, further compound the problem as one is able to easily share information with hundreds of people.
“The availability of information is very rife and so the potential for the risk of loss of data is high because now more than ever a lot of information is being shared across territories, business and what we call the clout competing networks,” Mr Wambugu said.
The findings indicate that technologies such as social networks, blogs, and email increase the internal security challenges in companies. In some cases, employees unintentionally release sensitive information without realising the potential consequences and ultimately, the company could be held responsible.
According to Mr Wambugu the number one priority needs to be protecting the organisation from itself by effecting policies that mitigate the risk of employees inadvertently releasing sensitive material.
“What needs to happen is a well thought-out strategy to solve the data issues we have and implementing policies that limit the amount of data one is privy to and what they can send out,” he said.
The survey also showed that outsourcing of a number of company operations presented a company with a major risk by entrusting control over valuable assets to another organisation.
Companies are advised to regularly review and test its vendors’ security capabilities, controls, and organisational dependencies.