Your Biggest Data Security Threat Could Be….

Biggest Data Security Threat

Your biggest data security threat could be sitting next to you…

Data security is a big concern for businesses. The repercussions of a data security breach ranges from embarrassment, to costly lawsuits and clean-up jobs – particularly when confidential client information is involved.

But although more and more businesses are taking steps to improve data security, few are considering the most likely cause of such a threat: human error. According to our Voice of IT report, human error is perceived to be the biggest threat to an organisation’s IT security.

However, when looking within, there’s not one, but three personas to consider: careless employees, disgruntled employees, and uninformed employees.

Careless employees

Some of the biggest and most embarrassing data breaches have been from employees taking information out of an organisation and accidentally leaving that information in a public place. In 2008, a USB stick containing a list of passwords for a UK Government computer system was found in a car park pub in Staffordshire. The following year, a health worker from Lancashire lost a memory stick containing the personal details of more than 6,000 current and ex-prisoners (while the data was encrypted, the password had been written on the back of the USB pen.) In 2010, an Apple engineer accidentally left a prototype for the not-yet-released 4th generation iPhone in a bar in California. These are just a few of the most famous examples of employees accidentally leaving confidential data in public places.

The lesson here is that companies need to think long and hard about the information they’re willing to allow employees to take out of the business premises. These days, as more and more employees access emails and corporate files from mobile devices, this is especially important. An unlocked smartphone that’s logged into a company system can be just as dangerous as a USB drive with all the information already downloaded onto it.

Disgruntled employees

Disgruntled employees arguably pose the biggest threat of all. Depending on the seniority of the employee, an employee may not only have access to sensitive company information and documents, but also to networks, admin accounts, and data centres.

According to some cyber experts, the extremely costly 2014 Sony Pictures hack was not an attack from North Korea but the result of a disgruntled employee. Whether or not that’s true is still up for debate, but the fact that Sony is willing to entertain it highlights the fact that some employees have too much power and given an opportunity could cause serious problems.

The Sony Pictures hack isn’t the first example of a disgruntled IT employee wreaking havoc. In 2008, Los Angeles city network admin Terry Childs reset the passwords for the city’s FibreWan network. Childs, a very disgruntled employee, then refused to hand over the passwords and brought the city into a state of digital lockdown for several days.

While obviously Childs is very much to blame here, human error is also to blame on the part of his superiors, who gave him too much freedom and responsibility. The lesson here is that no matter how important an employee is, they shouldn’t be given too much digital freedom, particularly when it comes to admin rights. The more administrators there are for different sections of the business, the less damaging an internal attack will be.

It’s also important to remember that most attacks by disgruntled employees happen after an employee has been laid off. This gives most companies ample time to reset important passwords and prevent an attack from a future disgruntled employee.

Uninformed employees

Data security isn’t something that regularly crosses the minds of most employees.

In 2015, French TV station TV5Monde was taken off the air by hackers purporting to be a part of the Islamic State. TV5Monde’s website and social media accounts were both affected.

The following day, staff from TV5Monde were interviewed to discuss the attack in front of a wall which had several sheets of very sensitive company information stuck to it. According to several sources, the sheets of papers contained lists of the company’s social media accounts and passwords. Other footage from the interviews showed post-it notes on computers containing passwords for other important company accounts.

Ignoring the fact that some passwords were as simple as ‘youtubepassword’, the lesson here is to educate employees regularly on the importance of data security. While most employees won’t ever be interviewed on national television, there may be other ways that they could unwittingly share important company information. In the past social media, accident emails, accidental email attachments, and viruses have all resulted in sensitive company information being leaked outside of the company.

Therefore, proactivity is vital to the wellbeing of IT infrastructure. Along with training employees on best practice, some companies are investing in risk management software – combining big data analytics with an understanding of human behaviour – to identify internal threats before they strike.

Fear of the unknown is justified but, when it comes to security, the devil you know could be your biggest danger.

By George Foot

Big Data Explosion

Developing Machine Learning-based Approach for Optimizing Virtual Agent (VA) Training

Optimizing Virtual Agent (VA) Training Achieve NLU model’s precision, recall & accuracy up to 78% The success of any Virtual Agent (VA) depends on the training of its Natural Language Understanding (NLU) model prior to ...
Gary Taylor

Addressing 5 Key Risks for the Hybrid Worker

Hybrid Worker Risks Organizations are under pressure to secure their remote workers, but they are also worried about the potential impact on user experience. Can they have it both ways without compromise? The pandemic has ...
Gary Bernstein

5 Popular Telemedicine Software Services

Telemedicine Software Since the beginning of the Covid-19 pandemic, telemedicine software services have become extremely popular, and every day more people are using this service instead of going to hospitals and emergency departments as they ...
Matthew Groves

Episode 14: NoSQL – What the Media is Saying

NoSQL and the Media NoSQL is becoming the must have for organizations needing to manage data in ways that traditional relational databases were just not designed for. What has the industry media been saying about ...
Doug Hazelman Cloudberry

Managing an Increasingly Complex IT Environment

Managing Complex IT Environments The hybrid work model is here to stay—at least for the time being. That’s how things feel in these still uncertain times. This new way of work that has evolved from ...

PROXY SERVICES

The CloudTweaks technology lists will include updated resources to leading services from around the globe. Examples include leading IT Monitoring Services, Bootcamps, VPNs, CDNs, Reseller Programs and much more...

  • Smartproxy

    Smartproxy

    Smartproxy is a rising star in the constantly growing proxy market. Smartproxy offers awarded customer service, impressive performance, and is serious about your anonymity (yes, cybersecurity matters). The latest features developed by Smartproxy are 30 minute long sticky sessions and Google Proxies. Rumor has it, the latter guarantee 100% success rate

  • Bright Data

    Bright Data

    Bright Data’s network is one of the most robust of its kind globally. Here are its stark advantages: Extremely stable connection for long sessions (99.99% uptime guaranteed). Free to integrate with our Proxy Manager which allows you to define custom rules for optimized results. Send unlimited concurrent requests increasing speed, cost-effectiveness, and overall efficiency.

  • Rsocks

    Rsocks

    RSocks team offers a huge amount of residential plans which were developed for plenty of tasks and, most importantly, has been proved to be quite efficient. Such variety has been created on purpose to let everyone choose a plan for a reasonable price, online, rotation and other parameters.

  • Storm Proxies

    Storm Proxies

    Storm Proxies' network is optimized for high performance and fast multi-threaded tools. You get unlimited bandwidth. No hidden costs, no limits on bandwidth. Try Storm Proxies 100% Risk Free. If you are not happy with the service email us within 24 hours of purchase and we will refund you.