I was reading a recent article about an employee of the Manchester Police who lost a USB drive. The Daily Star, which reported the breach, wrote that a high-ranking source in the department said whoever lost the drive was in for “a right rollicking”, meaning that some sort of punishment will be handed to the person responsible.
But who should be blamed for a data breach, employee or employer? Whenever there is a data breach, the person who loses the data is made the scapegoat. There are many information security endpoint tools that can help users keep confidential data safe from prying eyes. I believe organisations should take a serious look at their internal processes whenever there is a data breach, and ask what can be done to reduce human error or a deliberate effort to steal data. We are all human, and things get lost and forgotten; the question is what needs to be done to make the confidential data inaccessible to unauthorised persons.
For example, by employing tools like Data Leakage Prevention and Enterprise Rights Management, the aforementioned data breach could have been prevented. Data Leakage Prevention can prevent confidential data from being copied to external media or sent by email if the person is not authorised to do so. Where the person is authorised, the files are protected with Enterprise Rights Management, ensuring persistent security on the files copied across. This is all done transparently, without user intervention.
It is only after an organisation has employed the right tools that it can begin to hold its employees responsible for a security breach. Today organisations need to let technology protect their data with little or no human interference and reduce the possibility of a data breach.