Many company executives claim that the biggest threats to their data privacy are external threats, such as hackers or state-funded cyber-threats. However, companies are actually more likely to experience a data breach from an internal source, whether it is malicious or accidental.

While data breaches by hackers or state-funded cyber-terrorism get the bulk of the attention (external threats), company leaders need to understand the need to be vigilant with current and former employees.

In one survey, 63% of respondents said they'd taken data from their previous company when they left a job. If more than 60% are admitting it, then the actual percentage is likely much higher.

It’s not just younger employees -- who may be more likely to job-hop -- that are doing this. On average, 46% of workers say they have taken data with them to a new employer. However, almost 70% of company directors, those most likely (after IT) to have access to company data, take some form of data with them to their next company.

Employees bringing data over with them is just one aspect of an internal security breach. Almost 80% of senior-level employees and executives were more likely to intentionally share data against company policy according to another survey, compared with about 10% of administrative staff.

While employees and contractors are considered the number one cause of data breaches, it is the users with access to sensitive information that are perceived to pose the largest threat, followed by consultants and contractors.

Not necessarily malicious

This sharing may not be malicious. It can simply be a conversation at a meeting, an employee trying to impress a client, or the employee not having been trained adequately in protocols for keeping information secure. An example of the latter was the March 2016 data breach by an employee of the Federal Deposit Insurance Corp. This employee “inadvertently and without malicious intent” downloaded sensitive data relating to 44,000 customers onto a personal storage device.
Fortunately, the download was quickly discovered, the employee realized the mistake, and signed a statement that the information had not been used.

That incident may have ended well, but most don’t. According to one security institute, breaches from employees or contractors with access to data were the leading cause of data breaches. The average cost of damage or theft from these breaches is greater than $1 million.

Likely, your company doesn’t have a spare million dollars it can access to replace and upgrade IT infrastructure and assets. But why do these incidents keep occurring?

- Insufficient data protection strategies and solutions
- An increasing number of devices with access to sensitive data
- The proliferation of sensitive data moving outside the firewall on mobile devices
- More employees, contractors, partners accessing the network
- Greater complexity of technology
- Growing adaption to the use of cloud apps and infrastructure

What can be done

IT leaders must understand what data is at risk at their company once there is an awareness of the broader scope of the issues. They then need to look at systems and employee training methods to protect data from inside breaches. Surveys generally have reported that employee data and intellectual property were both at risk.

The same report noted that phishing remains the most cited cause of unintentional breaches. Again, upper-level executives were more likely than administrative staff to fall for this, as more than 60% of directors said they had sent data to the wrong person compared with less than 45% of administrative staff.

It is important to remember that the hacker aims to obtain data or information that can be sold. They do this by gaining access to a system by getting credentials or having an employee send them the data.
Once a hacker is inside the system, they can then acquire access to any data that isn’t additionally protected.

People will make mistakes. Phishing attacks are increasingly sophisticated. However, IT leaders can significantly increase awareness and decrease the risk of these attacks by taking certain steps:

- Maintaining employee training on cybersecurity and risk
- Keeping up-to-date on employee access levels
- Changing these access levels when necessary
- Changing passwords regularly across the company
- Requiring multifactor authentication on specific resources
- Providing a secure off-boarding process for when an employee leaves the company

None of these steps will make the CTO popular with the CFO, as they all require time and resources. When compared to the alternative, taking the initiative and putting processes in place to reduce the risk of an internal data breach is worthwhile.