We’ve all made mistakes when it comes to security. Whether that’s accidentally hitting ‘Reply All’, mistakenly sending a report to Sarah in sales instead of Sarah in human resources, absentmindedly clicking on a questionable link, or quickly forwarding an email that turned out to contain sensitive information farther down the thread.

A productive, successful, collaborative workplace requires employees to share information

quickly and efficiently, but that information is often sensitive in nature and increasingly costly should a breach occur. You’ve heard the stats; the average breach costs US$3.86mn - so you understand why it’s so urgent that companies embrace and prioritise data protection. 

Employees need to be empowered to share data confidently and securely. Therefore, for tech leaders, this means implementing a multi-layered approach to security, including:

• Easy-to-use tools that empower employees to protect the information they’re sharing
• Multi-factor authentication and federated identity to govern data access
• Comprehensive employee training and education
• Protecting data at the object level so that it’s safe everywhere it travels and under your control at all times
• A “safety net” that mitigates human error
• Closely monitoring network traffic for anomalies

While mistakes are going to happen, there are steps you can take to mitigate them.

Level The Playing Field With Zero Trust 

Security ecosystems used to be simpler, and confined to a clear network perimeter. That’s no longer the case as multi-cloud environments expand, user endpoints multiply, accelerated by the introduction of the ‘extended enterprise’ and the major shift to remote working in 2020. As a result, threat actors have a larger attack surface and number of access points to go after, fuelling the need to shift to a Zero-Trust approach.

By implementing Zero Trust framework that pairs data protection with strong, federated identity management, you can ensure every user and every system is treated with equal caution when it comes to accessing and sharing data.You're all on the same team, working to ensure your company’s most vital asset remains secure.

Adopt Security That Travels With The Data 

The average enterprise has over 500 applications that data is either stored in, shared from, or travels through - email, file sharing platforms, SaaS applications and cloud environments. Every application amplifies the risk of a data breach without the right protection in place, but what happens when that data leaves your network?

If you implement a data-centric security strategy this will protect data with object-level encryption. It will essentially wrap each file or message with its own distinct layer of protection, making data sharing far more manageable. 

Another benefit of data-centric security is that it protects the data itself, everywhere it travels, leaving you with greater flexibility for the future. This is instrumental in setting yourself up for success in a security landscape that evolves so rapidly. By protecting the data itself, everywhere it travels, you have the flexibility to adopt new tools and vendors, equipping your employees with the collaboration and data sharing tools they want to use. With data-centric methodologies, you can be confident that your strategy is sustainable for the future. With this mindset, you’ll choose vendors and partners that align with your approach and can provide you with full control over your own data, everywhere it goes. 

Eliminate Unnecessary Friction

Generally, employees need to make some kind of tradeoff between convenience and security. Authenticating their identity for multi factor authentication adds a step to the log-in process. Encrypting an email adds an additional step to sending. Slowing down and taking a moment to examine a suspicious email takes some conscious effort. 

The key to getting employees to adopt your security recommendations and tools is to make them truly simple, seamless, and easy to use. 

Ask yourself:

• How can I free up my employees to do their jobs to the best of their ability?
• Where can I remove friction to enable them to communicate and innovate more seamlessly? Which legacy tools and products are no longer meeting our needs? (Or aren’t evolving rapidly enough to keep pace with my organisation?)
• How can I surprise my team with easy-to-use solutions? 

The end-user experience is critical to consider. Your executive team, customer success teams, and sales teams place high value on making a good impression, and they want to put their best foot forward. If they know your encryption tools are going to be clunky or create hurdles for their customers, they probably won’t Look for solutions that are integrated natively within both Gmail and Microsoft Outlook and use them.

But if you adopt a solution that empowers your employees with ease of use and security, it’s a win-win.

Construct A Safety Net For Human Error

In a perfect world, your employees would continually operate with security in mind, making the best decisions to protect their data, every time. But we don’t live in a perfect world so we need to create a safety net for when employees don’t make the right decisions. 

Look for solutions that allow you to choose how to put certain DLP rules in motion: Equip your organisation to automatically encrypt certain types of data, or warn users when potentially sensitive information is detected in an email. For example, an organisation could choose to always encrypt emails containing a bank account number, but in cases of an address or phone number being shared, they could issue a warning to the sender and allow them to make the final decision. That reminder can be a useful nudge to get employees to think about securing their data, so many administrators use it as an educational opportunity. 

Give Employees Autonomy 

Sometimes, data sharing isn’t black and white. Data sensitivity is nuanced, and each situation may call for its own parameters for sharing data. Put the control into the hands of the end user, give them options for setting parameters around how their data can be used. Select solutions that provide the ability to revoke access to files or messages at any time. If a third-party vendor experiences a breach, or a certain file was inadvertently shared, or the user mistakenly hit “Reply All,” access can be immediately revoked, even if that file has already been viewed by the recipient. 

This gives the employee an opportunity to correct their own mistakes. Rather than hoping their data doesn’t end up in the wrong hands, they can take control immediately, at any time. 

Now that’s empowerment.