Lost data is expensive. According to Pymts, reporting on a recent Ponemon report, the cost of a "compromised record" rose 6% from $145 to $154 last year. In isolation this isn't much, but Ponemon found that the average total cost of a data breach is now $3.8 million. While hackers, malware infections and even hardware failures account for some of this data loss, the biggest risk for organizations comes from within: Employees. In most cases this isn't malicious; staff simply don't know where they're making mistakes. Here are four key questions — and answers — to help empower your employees.


How is it shared?


The biggest risk to sensitive files is improper sharing. According to Computer Weekly, six in 10 employees said they had "often or frequently accidentally forwarded files to individuals not authorized to see them." E-mail is the most likely culprit, although users also leverage public file-sharing services and social sites to quickly disseminate data and help enable collaboration.


By and large, these services don't support encryption, meaning that malicious actors can easily "listen in" on e-mail conversations or grab data mid-transit. Your best bet? Establish a clear policy about how data can be shared and what types of files can be attached.


Where does it live?


For employees, "where" data lives doesn't matter so long as it's easily retrieved on demand, but differing platforms come with varying levels of security. Typically, the safest data lives behind corporate firewalls on local servers where IT administrators can easily monitor the ebb and flow of information. When data is moved or stored using other platforms, such as the public cloud, IT visibility is limited. As a result, it's easy for files to become corrupted or shared more broadly than intended. To solve this problem, educate employees about what type of files must stay within corporate walls and define specific resources to assist if staff has a question about what's permissible in the cloud and what's not.


Why is it protected?


Sensitivity of data is also an important factor in keeping files safe and secure. Consider an industry such as insurance, which deals with a variety of personal and non-personal information about clients. Data used to create large-scale demographic sets or identify broad trends isn't as sensitive as customer data such as name, date of birth, vehicle details and number of accidents. To account for this disparity, some data is afforded greater protection to limit the risk of accidental compromise. Effectively educating staff means training them to recognize and classify these different types of data, in turn producing a logically segmented file system, which naturally protects critical data.


Who needs access?


Finally, it's important to identify who has access to a given file and why. Ideally, companies should limit access to employees actively working with specific files on a day-to-day basis. Even executives who aren't on these project teams should be kept at arm's length. Why? Compliance. Industries such as health care, insurance and legal are now under intense scrutiny from government agencies to ensure that data is properly handled from creation to transportation to destruction.


In Canada, for example, insurers must comply with the country's anti-spam legislation. If employees with access to consumer data start sending unsolicited commercial electronic messages (CEMs), the organization could face a hefty fine. Bottom line? Companies need to limit access to ensure compliance.


Want better data safety? The answer lies in training staff to ask the important questions: How, where, why and who.


Martin Johnson is the senior director of marketing and demand generation at Elastica, which provides cloud application security services.


© 2024 ALM Global, LLC, All Rights Reserved.