According to an article recently published by ZDNet, mistakes and human error cause 64% of all data breaches. Although it’s important to guard against hacking, employers who focus exclusively on external threats risk blindness to internal threats of employee negligence and lax information security protocols.
This statistic mirrors the Verizon 2013 Data Breach Investigations Report (DBIR) which reports that,
Two-thirds of breaches involved data stored or “at rest” on assets like databases and file servers. (DBIR, p. 47)
Our experience has shown that most employees never delete old data (most don’t feel empowered to delete old data), leaving it more vulnerable to a breach. Verizon’s report also confirmed that most breaches target storage devices rather than people, since servers, laptops, and other devices contain large amounts of PII and proprietary data at rest. Of all studied breaches,
71% targeted user devices, [and] 54% compromised servers. (DBIR, p. 6, 42)
Now that an average breach affects 23,647 records, and the average cost per breached record is $188 to $199 in the U.S., an average breach could set your company back $400,000 to $500,000 per incident. Eliminating at least 66% of your risk by protecting data at rest and training employees is an incredibly cost-effective strategy.
Regularly scan and clean these your end user devices and servers, and use the opportunity to train employees and improve their behavior. It’s the most cost-effective first step in breach prevention you can take.