STOP, Collaborate and Listen: Where Employee Vulnerabilities Put Data at Risk

Wednesday, September 07, 2016

Ron Arden


In most, if not all organizations, collaboration is not only essential to business, it is the key to success. Every day employees email, instant message, transfer and download digital files, all without a second thought about the data they are sharing and where that data may end up. Do these files contain high valued or confidential information? Is the employee allowed to have access to such data? Does the organization even know who is accessing the information, how they are accessing it and what they are doing with it?

It is easy for an organization to lose sight of model employee activity because they are laser focused on preventing external malicious actors from accessing their systems and the data they contain. Those model employees can, albeit unknowingly, expose the company’s vulnerabilities just by performing the daily activities of their job. For example, an employee working remotely via a non-secure network could send a file to a co-worker and by doing so open the file up for exploitation on that network. The receiving employee could then print that data and carry it outside of the organization’s walls. Will they be vigilant in where they leave that data? 

A recent Ponemon study, “Risky Business: How Company Insiders Put High Value Information at Risk,” found that the primary cause of data breaches is careless employees (56%). This statistic is evidence that organizations must prioritize the importance of controlling employee access to data and setting concrete guidelines on how that data can be accessed and shared. It is crucial for companies to educate employees on their own access, what that entails and the consequences of not following protocol which can end with a data breach.

Education and training can only go so far, which is why implementing a data security framework helps to fill the gap created by human error. The Ponemon study determined that 70 percent of respondents could not confidently locate confidential information in their own systems. A data security framework can assist those organizations by not only identifying where their sensitive information is stored, but also controlling the permissions of those employees who can access it and monitoring the usage of those authorized users.  

Whether it is the company’s trade secrets, product designs, financial data or the personal information of customers, businesses must protect high value information from landing in the hands of the wrong individual or threat group. Incorporating a data security framework and enforcing employee training, policies and education helps to ensure this data remains in the possession of the intended parties.  

Possibly Related Articles:
Enterprise Security Security Training
Insider Threats employee Vulnerability
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.