Just because HR can help to stop data breaches doesn’t mean it might not have a role in causing it.

The HR department is, in fact, among the biggest security threats to organisations today.

That was the key finding of a survey by Clearswift, which polled over 500 information technology decision makers and 4000 employees.

The report found nearly half of respondents (46%) indicated that finance departments posed a security threat to their organisation.

Almost four out of 10 (39%) said the same of the HR function.

The report suggested such results might be attributed to the fact that finance and HR hold sensitive data, and might be prone to accidently sending personal (salaries, social security numbers, bank accounts, etc.) or proprietary (contracts, customer details, etc.) information to the wrong person(s).

ALSO READ: Singapore firms lose $1.3 billion from data loss and unplanned downtime

“Despite all the security worries about people working out of the office on whatever devices they want, those in the office actually have easier access to sensitive data, so are more likely to lose it,” explained Heath Davies, chief executive officer, Clearswift.

“We’re not proposing targeting individuals, but if you can understand the combination of factors that make certain people in certain roles more of a risk, you can focus your resources on ensuring those breaches don’t happen.”

The survey also profiled the type of individual most likely to cause such breaches.

It found 33% of respondents believed middle management posed the biggest security threat (compared to 19% for senior management and 16% for executives).

Almost half (49%) stated that permanenet employees are more likely to cause a breach, with 79% saying male employees were more likely to do so than female ones.

“Senior managers are generally in tune with the consequences of data loss, while junior people often don’t have access to the kind of data that can cause disasters,” said Davies.

“Middle aged, middle managers are in between – having access to the data, but no obvious stake in the consequences of losing it. They are also more likely to be under time and financial pressure, and so may be more inclined to take risks.”

Image: Shutterstock