Data breaches can put your New York business in the headlines for all the wrong reasons. These incidents can affect your company’s bottom line and its reputation.

According to The National Law Review, employees and other insiders like vendors are responsible for most data breaches. While hackers are a problem, businesses must also protect against threats that come from within.

Unintentional insider threats

Sometimes an insider with access to a company’s IT system will inadvertently harm data security. They may fall for a phishing scam, for example, allowing a malicious outsider to gain access to critical data.

Malicious insider threats

A malicious insider is someone with access to a company’s data who intentionally misuses it or breaches data confidentiality. A malicious insider may be, for example, a disgruntled former employee whose credentials still work and who wants to harm the company.

Job position vulnerability

Businesses must routinely check access to and security of sensitive data on employees, trade secrets, customers and other confidential information. IT managers must always know which job positions have access to critical data and which employees have administrative privileges on computer networks.

New hires

Companies must have clear computer policies for all personnel and communicate them even before hiring a new employee. They may also perform background checks and enroll new hires in security training to ensure everyone knows the policies and follows them.

Data exposure

Every business must have a response plan of steps to take once an insider exposes data. But prevention through careful hiring and rigorous training is better than having to respond after a data breach occurs.