Recent security breaches have prompted banks to spend billions of dollars to protect their IT systems from outside hackers, but they may be ignoring the biggest threat. About 30 percent of data breaches this year came from employee error, according to a survey by the Association of Corporate Counsel.

Employees may unwittingly expose valuable information or leave digital clues that contribute to a breach. Some banks are forbidding workers from using portable devices, restricting what employees they post on social media, or discouraging them from putting “out-of-office” notices in their emails. In many cases, employees are lured into clicking on links that contain malware and allow hackers to access sensitive data.

Many companies have stepped up their investment in cybersecurity, but banks are in particular need of it because they are responsible for so much sensitive customer information and money. Bank of America Corp. Chief Executive Brian Moynihan said that his company’s cybersecurity budget is essentially unlimited, and that it is increasingly focused on risks associated with employees.

Wall Street Journal (12/20/15) Sidel, Robin