In the latest Kaspersky Lab’s survey, four in 10 South African employees admitted to accidentally accessing confidential information about their colleagues – such as salary and bonus information.
Payroll details is just one example of the sensitive personal data that reside on companies’ servers today. If leaked in public due to a lack of security and access consideration, it can not only undermine team spirit, but also lead to more drastic consequences such as possible cyberattacks, regulatory fines for data protection non-compliance and lawsuits from affected employees.
One of the factors that may lead to work files being accessed by unauthorised people is that less than half (41%) of employees in South Africa periodically check and amend the access rights for shared documents or collaboration work services that they use.
Whenever someone leaves the company or transits to another department within the same firm, it’s essential that they have their access annulled immediately. Otherwise, it creates risks for the organisation and for the people working in it.
This is part of a bigger problem called ‘digital clutter’ which stands for the uncontrolled proliferation and sharing of working files and documents that are kept without the necessary precautions. The lack of procedures and policies in place to regulate the digital order may lead to a blurred responsibility and general indifference among employees regarding the flow of documents — inside and outside the company. According to the report, only 26% of South Africans know exactly what is stored in each shared document or collaboration work services they access.
The challenge of ‘digital clutter’ is especially alarming for small and medium size businesses that are prioritising business growth while leaving security and IT management issues in the hands of non-specialist employees or, at best, outsourcing to an external IT service provider.
“In most cases, working in an office today means working with sensitive and personal data,” said Dmitry Aleshin, VP, Product Marketing at Kaspersky Lab.
“Training of employees and regular reminding them about basic cybersecurity rules is essential. In order to protect themselves from related risks, businesses should start paying attention to security awareness, protection and policies.
“Employees, from regular ones to IT specialists, need to know how to use services for file sharing, collaborative work, how to encrypt important documents and how to recognise a phishing email. There are solutions and services in the market that can help with this.”