Your Biggest Data Security Threat Could Be….

Your Biggest Data Security Threat Could Be….

Paying Attention To Data Security

Your biggest data security threat could be sitting next to you…

Data security is a big concern for businesses. The repercussions of a data security breach ranges from embarrassment, to costly lawsuits and clean-up jobs – particularly when confidential client information is involved.

But although more and more businesses are taking steps to improve data security, few are considering the most likely cause of such a threat: human error. According to our Voice of IT report, human error is perceived to be the biggest threat to an organisation’s IT security.

However, when looking within, there’s not one, but three personas to consider: careless employees, disgruntled employees, and uninformed employees.

Careless employees

shutterstock_330409193

(Image Source: Shutterstock)

Some of the biggest and most embarrassing data breaches have been from employees taking information out of an organisation and accidentally leaving that information in a public place. In 2008, a USB stick containing a list of passwords for a UK government computer system was found in a car park pub in Staffordshire. The following year, a health worker from Lancashire lost a memory stick containing the personal details of more than 6,000 current and ex-prisoners (while the data was encrypted, the password had been written on the back of the USB pen.) In 2010, an Apple engineer accidentally left a prototype for the not-yet-released 4th generation iPhone in a bar in California. These are just a few of the most famous examples of employees accidentally leaving confidential data in public places.

The lesson here is that companies need to think long and hard about the information they’re willing to allow employees to take out of the business premises. These days, as more and more employees access emails and corporate files from mobile devices, this is especially important. An unlocked smartphone that’s logged into a company system can be just as dangerous as a USB drive with all the information already downloaded onto it.

Disgruntled employees

shutterstock_63966280

Disgruntled employees arguably pose the biggest threat of all. Depending on the seniority of the employee, an employee may not only have access to sensitive company information and documents, but also to networks, admin accounts, and data centres.

According to some cyber experts, the extremely costly 2014 Sony Pictures hack was not an attack from North Korea but the result of a disgruntled employee. Whether or not that’s true is still up for debate, but the fact that Sony is willing to entertain it highlights the fact that some employees have too much power and given an opportunity could cause serious problems.

The Sony Pictures hack isn’t the first example of a disgruntled IT employee wreaking havoc. In 2008, Los Angeles city network admin Terry Childs reset the passwords for the city’s FibreWan network. Childs, a very disgruntled employee, then refused to hand over the passwords and brought the city into a state of digital lockdown for several days.

While obviously Childs is very much to blame here, human error is also to blame on the part of his superiors, who gave him too much freedom and responsibility. The lesson here is that no matter how important an employee is, they shouldn’t be given too much digital freedom, particularly when it comes to admin rights. The more administrators there are for different sections of the business, the less damaging an internal attack will be.

It’s also important to remember that most attacks by disgruntled employees happen after an employee has been laid off. This gives most companies ample time to reset important passwords and prevent an attack from a future disgruntled employee.

Uninformed employees

Data security isn’t something that regularly crosses the minds of most employees.

In 2015, French TV station TV5Monde was taken off the air by hackers purporting to be a part of the Islamic State. TV5Monde’s website and social media accounts were both affected.

The following day, staff from TV5Monde were interviewed to discuss the attack in front of a wall which had several sheets of very sensitive company information stuck to it. According to several sources, the sheets of papers contained lists of the company’s social media accounts and passwords. Other footage from the interviews showed post-it notes on computers containing passwords for other important company accounts.

Ignoring the fact that some passwords were as simple as ‘youtubepassword’, the lesson here is to educate employees regularly on the importance of data security. While most employees won’t ever be interviewed on national television, there may be other ways that they could unwittingly share important company information. In the past social media, accident emails, accidental email attachments, and viruses have all resulted in sensitive company information being leaked outside of the company.

Therefore, proactivity is vital to the wellbeing of IT infrastructure. Along with training employees on best practice, some companies are investing in risk management software – combining big data analytics with an understanding of human behaviour – to identify internal threats before they strike.

Fear of the unknown is justified but, when it comes to security, the devil you know could be your biggest danger.

By George Foot

About George Foot

Vice President Kensington Europe & Global Marketing

George has been a part of Kensington for over 10 years and now serves as the Vice President for Kensington Europe & Global Marketing. George has extensive experience within the consumer electronics industry and possesses a great passion for technology. He is responsible for setting the vision and strategy for the region, Go-To-Market delivery and sales performance.

View Website
View All Articles

Sorry, comments are closed for this post.

Comics
Cloud Services Providers – Learning To Keep The Lights On

Cloud Services Providers – Learning To Keep The Lights On

The True Meaning of Availability What is real availability? In our line of work, cloud service providers approach availability from the inside out. And in many cases, some never make it past their own front door given how challenging it is to keep the lights on at home let alone factors that are out of…

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Federal Government Cloud Adoption No one has ever accused the U.S. government of being technologically savvy. Aging software, systems and processes, internal politics, restricted budgets and a cultural resistance to change have set the federal sector years behind its private sector counterparts. Data and information security concerns have also been a major contributing factor inhibiting the…

7 Common Cloud Security Missteps

7 Common Cloud Security Missteps

Cloud Security Missteps Cloud computing remains shrouded in mystery for the average American. The most common sentiment is, “It’s not secure.” Few realize how many cloud applications they access every day: Facebook, Gmail, Uber, Evernote, Venmo, and the list goes on and on… People flock to cloud services for convenient solutions to everyday tasks. They…

The Cancer Moonshot: Collaboration Is Key

The Cancer Moonshot: Collaboration Is Key

Cancer Moonshot In his final State of the Union address in January 2016, President Obama announced a new American “moonshot” effort: finding a cure for cancer. The term “moonshot” comes from one of America’s greatest achievements, the moon landing. If the scientific community can achieve that kind of feat, then surely it can rally around…

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) attacks that made popular Internet properties like Twitter, SoundCloud, Spotify and Box inaccessible to many users in the US. The DDoS attack happened in three waves targeting DNS service provider Dyn, resulting in a total of about…

The Five Rules of Security and Compliance in the Public Cloud Era

The Five Rules of Security and Compliance in the Public Cloud Era

Security and Compliance  With technology at the heart of businesses today, IT systems and data are being targeted by criminals, competitors and even foreign governments. Every day, we hear about how another retailer, bank or Internet company has been hacked and private information of customers or employees stolen. Governments and oversight organizations are responding to…

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks Does cloud security risks ever bother you? It would be weird if it didn’t. Cloud computing has a lot of benefits, but also a lot of risks if done in the wrong way. So what are the most important risks? The European Network Information Security Agency did extensive research on that, and…

The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the business world as a whole. In 1983, the first commercially handheld mobile phone debuted and provided workers with an unprecedented amount of availability, leading to more productivity and profits. More recently, the Cloud has taken…

Cloud Native Trends Picking Up – Legacy Security Losing Ground

Cloud Native Trends Picking Up – Legacy Security Losing Ground

Cloud Native Trends Once upon a time, only a select few companies like Google and Salesforce possessed the knowledge and expertise to operate efficient cloud infrastructure and applications. Organizations patronizing those companies benefitted with apps that offered new benefits in flexibility, scalability and cost effectiveness. These days, the sharp division between cloud and on-premises infrastructure…