A study by Veritas found that businesses are losing critical data such as customer orders and financial data as office workers are embarrassed to report data loss or ransomware issues when using cloud applications.
In addition, more than half of 11,500 workers surveyed across Australia, China, France, Germany, Singapore, South Korea, UAE, UK and US reported accidentally deleting files hosted in the cloud—such as business documents, presentations and spreadsheets—and as many as 14% do so multiple times per week.
Clearly, blaming or punishing employees is not going to recover lost data or minimise the impact of corrupted cloud-based data. Andy Ng, Vice-President and Managing Director, Asia Pacific and Japan region, Veritas Technologies shares how employers can motivate workers to come forward as soon as possible when data loss or ransomware attacks happen so that IT teams can respond quickly enough to take remedial action.
“Organisations must foster a transparent and supportive working environment to ensure employees are well engaged in today’s ever-changing cyberthreat landscape. While blame culture is rife when it comes to cyber breaches or attacks, it is hardly ever helpful in addressing the root cause of the problem. No organisation is fully secure unless employees recognise their role does make a difference in the safekeeping of the most valuable data assets,” explained Ng.
“The first step to cultivating a supportive work environment starts with openly communicating that any new security software or tools would be used for the purpose of keeping data secure and not for snooping or tracking productivity. Fostering a fail-safe culture will also be instrumental in encouraging employees to escalate any concerns or questions regarding security protocols and procedures.”
“Moreover, it is crucial for businesses to understand that information security is a team sport. Building a positive cyber safe culture helps to protect businesses from malicious ransomware attacks and cyber threats and enables businesses to educate its teams on how to put good cyber hygiene into practice.”
Why a backup and protection strategy is critical
With the hybrid workplace here to stay, Ng emphasised that companies must put in place a comprehensive backup and protection strategy to prevent data loss.
“Employees are increasingly reliant on cloud-based technologies to get their tasks done. According to our latest research findings, nearly all Singapore employees polled (92%) thought their cloud provider would be able to restore their files for them. In addition, almost half (44%) of office workers here think data in the cloud is safer from ransomware because they assume their cloud providers are protecting it from malware they might accidentally introduce.”
Businesses must understand that storing data in the cloud does not automatically make it safe, it still requires strong data protection Ng said, adding that they are also responsible for implementing their own data protection policies, no matter where the data resides.
To develop a robust data backup and protection strategy in place, he said the following should be kept in mind:
- Clear retention policies should be implemented to determine how long data should be retained for operational and compliance needs, who has access to the data and classify data storage according to tiers.
- Businesses should train their employees on the policies and tools that are deployed on a regular basis. This will reduce any potential or accidental policy breaches such as data deletion and ensures that employees know how to access and retrieve data that is lost, corrupted, or compromised in a timely manner.
- The culture of shame and punishment should also be eliminated. Employees should instead be encouraged and empowered to come forward in the event of data loss incidents and security breaches.