News headlines may make it sound like there's always an organized cybercriminal syndicate waiting to break down the firewall and steal everything in the corporate network. Flashy headlines and referencing scary hacktivist groups may be good for the media, but those strategies also take attention away from significantly more common risks.

Not to say it isn't important to guard against external threats, but data security is largely about awareness. For example, if there's suddenly a spike in attacks against financial institutions in the United States, as was the case in September of last year, it's probably a good idea to shore up on network defenses and ensure antivirus software is up to date. However, it's far more likely that a data breach will happen for more mundane reasons.

Citing research from advisory firm Forrester, PCWorld columnist John Dunn noted that external attacks only represent approximately 25 percent of security incidents. Meanwhile, lost or stolen devices account for 31 percent of all data breaches and inadvertent misuse by an employee accounts for 27 percent. That means 58 percent of incidents aren't caused by malicious entities and could be mitigated by utilizing data encryption software effectively.

"It’s not simply just a matter of having the appropriate tools and controls in place," said researcher Heidi Shey. "It’s worth noting that only 56 percent of information workers in North America and Europe say that they are aware of their organization’s current security policies."

The article also mentioned mobility trends such as bring-your-own-device as a driving force behind the challenges faced in implementing data security solutions. As TechNewsWorld writer Richard Adhikari recently noted, mobile security is a legitimate concern with large increases in the amount of malware targeting smartphones. Despite the increasing volume of data mobile devices carry these days, they're not the only places for information to slip through the cracks. Shey noted that it is important that employees not only use data protection software but understand their company's data security policies.

Making employees a part of the data protection equation also addresses another concern related to mobility: worker privacy. BYOD has made it more difficult to differentiate between corporate data and personal data because they frequently reside on the same device. Involving employees during the policy crafting phase can increase awareness of encryption best practices.