Corporate leaks of classified or sensitive information are prone to occur, ranging from simple human mistakes to full-blown dataset hacks. Companies need to be aware of such risks.

A number of research centers specializing in data security found that employee negligence caused major insider data breaches in the last two years.

A survey done by Haytax, a company specializing in data security, revealed that employees and contractors are the main causes of data breaches. In line with that, according to the Ponemon Institute, 56% of insider threats are caused by negligence.

An illustration of minor negligence

The following story illustrates how slight negligence committed by an employee can be catastrophic. This case happened in May 2021, when a flashcard app user discovered a publicly accessible online flashcard used by American soldiers to help them learn and remember the security protocols of a military base.

Due to the demands of complex security procedures that require memorization, some members of the military used a flashcard learning application. Unfortunately, this application was publicly accessible, thereby inadvertently revealing sensitive security secrets regarding America’s nuclear weapons.

The flashcard application used by members of the military not only identified the locations of nuclear weapons bases but also specifically mentioned nuclear weapons storage units in detail. From this application, it was also possible to know the exact and specific security protocols, such as the locations of surveillance cameras, guard patrol schedules, passwords, and other special things needed in the weapons areas.

It is unclear why or how this data ended up being publicly searchable. However, according to the Quizlet website, it is said that it happened because the flashcard app was set to public visibility by default, so users have to set privacy manually.

The lesson to learn

The lesson that can be taken from this story is not to be taken lightly. Every small negligence, such as sending valuable data to incorrect recipients via email, accidentally emailing documents with sensitive data, or unintentionally exposing a company’s sensitive information to the public puts the company’s data and system at risk.

According to studies, there are various causes of negligence, including failure to safeguard their gadgets, failure to adhere to the company’s security policy, as well as failure to patch and update the security system.

Hence, first, it is extremely important for any organization to run frequent security training with its employees, specifically with regard to internal communication. Chats between colleagues can be done in various forms, including online. Popular chat applications, such as Whatsapp, LINE, or KakaoTalk, have become a common medium of communication in the office.

Therefore, companies must understand the risks posed by such applications, from data storage to encryption. Applications that have strong security systems should be a priority to use—even if they don’t have many features.

Secondly, work emails remain the safest way to communicate between team members. Encrypted emails are still the easiest and one of the most shielded forms of communication. However, it is important to emphasize that professional email accounts are not for personal use. Using your work email is a representation of your company, so the topics discussed in the email should be company-related.

Third, firms need to train employees in the sharing of public and private information on these apps. Lots of applications have their default settings displaying user information and rendering them accessible to the public. Changing those settings to private is a must.

Implementing regular safety training sessions and follow-ups are incredibly important to any firm. Information and confidential leaks can happen very quickly due to simple and naive mistakes that can and should be avoided.

Image by rawpixel.com on Freepik