Many of the nation’s small business owners may be trusting their employees with a lot of security information about their various accounts, whether it’s online or in the real world, or both. However, a new study found that in many cases, the level of exposure companies face as a result of these allowances is far greater than it needs to be.
Today, about 28 percent of employees said they used the normal business login credentials they’ve been given to access data that has little or nothing to do with their jobs, according to a new survey from the security firm BeyondTrust. Of that group, about one in four said they viewed financial documents and close to half also looked up data related to other employees, such as salary details and personal information.
Interestingly, though, it seems that many businesses are cognizant of the threat this may pose, as two in three say they have some sort of controls in place to prevent employees from accessing this kind of information, but 54 percent of workers say they know how to get around those measures with little difficulty, the report said. In all, about 44 percent of workers have access rights that they do not need to do their jobs, and 80 percent say that it’s likely other employees with similar capabilities will look at sensitive information they don’t have a work-related need to see. Problematically, more than three in four respondents said that this type of risk will only increase over the next few years.
“Allowing any employee unfettered access to non-essential company data is both unnecessary and dangerous and should be an issue that is resolved quickly,” said Brad Hibbert, executive vice president of product strategy at BeyondTrust. “The insider threat has always been a vulnerability we take very seriously at BeyondTrust and it’s our goal to help customers combat this growing problem.”
Owners these days may be so focused on making sure that they’re not hit by a data breach originating from outside their company that they ignore the risks they face internally. However, these problems would have the same end result, and as such, beefing up small business insurance policies to limit the damage, such as tech insurance, may be the wisest course of action. The fallout from even a small data breach can cost such companies tens or even hundreds of thousands of dollars, so remediating those costs is vital.