Ransomware, viruses and hackersoh my! There are so many threats to an organization’s data security nowadays that IT experts’ heads are constantly on a swivel.

Don’t get lost in the headlines, though. One of the biggest, yet least talked about threats already has access to all of your company’s information—employees.

Internal risk
The security risks posed by employees is often underestimated, according to Data Breach Today. These individuals are often given complete control of data centers, or put in charge of ensuring a company is compliant. Without the proper training, one tiny incident can have lasting consequences.

“Insider threat is becoming one of the largest threats to organizations, and some cyberattacks may be insider-driven,” a monthly cyber threat awareness newsletter from the HIPAA enforcement agency said. “Although all insider threats are not malicious or intentional, the effect of these threats can be damaging to a covered entity and business associate and have a negative impact on the confidentiality, integrity and availability of its electronic protected health information.”

In fact, a report from Baker Hostetler found that employee negligence was far and away the most recognized cause of a data breach. The study reported that 37 percent of data breaches in 2014 were attributed to this reason, while just 22 percent stemmed from external hackers.

Employees can hand over confidential data to hackers without even realizing it.

Where did your company go wrong?
There’s often one underlying factor regarding these types of data breaches—lack of training. This is especially true in the health care sphere, where some employees simply toss old computers or other electronic devices that once contained patient health records in the trash without even realizing what they’ve done.

The first step an organization should take is educating its employees about the dangers of recycling old media without properly erasing its data beforehand. Once a computer is out of their hands, the information on it is up for grabs.

Degaussing is approved by the National Security Agency as a safe way to securely erase data from hard disk drives, tapes and computers. This is because the degaussing devices demagnetize the stored media, rendering it entirely unreadable and thus keeping an organization compliant with some of the more strict data protection laws.

The truth is, many employees don’t know this method even exists. Training sessions can help educate employees on how to keep company information safe and out of hackers hands, and in turn, protect clients or patients as well.