When your team opened their Internet browser this morning they immediately started sharing data.
Even before they started typing, packets of information fanned out across the Internet carrying data on the browser they’re using and the operating system they prefer. Then, as they started to hit the keys, every stroke was recorded, as was the speed at which they typed.
All of this data is now out there, drifting through cyberspace. And it’s up for grabs, well within the reach of cybercriminals and digital voyeurs.
News that your employees are leaking such data may not fill you with fear, but a digital fingerprint can be revealing. These prints are made up of the data points mentioned above, but they may also include data that’s automatically generated by enterprise applications such as ERP, marketing automation or accounting tools.
Much like reference points on a biometric print, each of these points means little in isolation. But when they’re connected, patterns start to emerge. Cross-reference this data with other personal identifiable information, such as bank details, email addresses or phone numbers, and an individual’s identity becomes clear.
If you own a business, then digital fingerprints should be a major concern. Fingerprints created on your networks, and on company-owned devices, can expose your business to cyber attacks and compromise employee privacy.
A single fragment of data may enable a hacker to steal an employee’s identity. Equally, it may be the key that allows them to breach your IT security perimeter. We know that cybercriminals use employees to target businesses, and digital fingerprints represent a goldmine of information for any hacker probing for vulnerabilities.
Then there’s the General Data Protection Regulation (GDPR) to consider. If an employee’s digital fingerprint, or a fragment of it, qualifies as personal data, then your business is legally bound to protect it. Failure to do so will result in heavy fines of up to €20 million.
The question is, at what point do these data points start to take shape as a print? And when do a few disparate data points constitute personal data? Answers to these questions aren’t clear-cut. The GDPR is open to interpretation and it’s up to lawyers, not business leaders, to draw conclusions.
What is clear is that employee privacy should now be a boardroom concern for every business. The risk associated with personal data leaks is simply too high to be ignored.
To mitigate this risk, businesses need to understand how much employee data they’re exposing. The only way to do this is to map your data ecosystem – where data is traveling within, and beyond, the reach of your business; how it’s processed and who has access to it. This insight will enable you to identify where data is vulnerable and which security measures are required.
We can provide you with tools that will make this task easier. Our Business Lens solution allows users to dynamically map personal data to create a holistic view of security risks.
Written by Simon Loopuit, Chief Executive Officer
View the Business Lens solution here: