The HR department isn’t technical enough to understand that critical & invaluable company data can easily walk out the door (or out the network) any day of the week. There are SO many ways to get data out if you really wanted to. Most companies don’t monitor outbound email, they don’t control what you copy to a thumb drive, nor can they monitor what you might upload to a website or web-based email account. Those are just 3 that come to my head. Today, Cisco announed the 10 most common ways that data is lost from companies (and how to try to prevent it). Below are the 10 most common ways, you can read more about how to prevent it (from a Cisco networking & security perspective) at their website. Whether you use Cisco equipment or not, you need to consider all of these sources of data loss as they may not all be controlled using a “firewall”, let’s say.
The following is from Cisco’s press release: Cisco Research Reveals Common Data Loss Mistakes
Of the many behavioral findings, the 10 most noteworthy were:
- 1. Altering security settings on computers: One of five employees altered security settings on work devices to bypass IT policy so they could access unauthorized Web sites. This was most common in emerging economies like China and India. When asked why, more than half (52 percent) said they simply wanted to access the site; a third said, “it’s no one’s business” which sites they access.
2. Use of unauthorized applications: Seven of 10 IT professionals said employee access of unauthorized applications and Web sites (e.g. unsanctioned social media, music download software, online shopping venues) ultimately resulted in as many as half of their companies’ data loss incidents. This belief was most common in countries like the United States (74 percent) and India (79 percent).
3. Unauthorized network/facility access: In the past year, two of five IT pros dealt with employees accessing unauthorized parts of a network or facility. This was most prevalent in China, where almost two of three respondents encountered this issue. Of those who reported this issue globally, two-thirds encountered multiple incidents in the past year, and 14 percent encountered this issue monthly.
4. Sharing sensitive corporate information: In a sign that corporate trade secrets aren’t always secret, one of four employees (24 percent) admitted verbally sharing sensitive information to non-employees, such as friends, family, or even strangers. When asked why, some of the most common answers included, “I needed to bounce an idea off someone”, “I needed to vent”, and “I did not see anything wrong with it.”
5. Sharing corporate devices: In a sign that data isn’t always in the hands of the right people, almost half of the employees surveyed (44 percent) share work devices with others, such as non-employees, without supervision.
6. Blurring of work and personal devices, communications: Almost two of three employees admitted using work computers daily for personal use. Activities included music downloads, shopping, banking, blogging, participating in chat groups, and more. Half of the employees use personal email to reach customers and colleagues, but only 40 percent said this is authorized by IT.
7. Unprotected devices: At least one in three employees leave computers logged on and unlocked when they’re away from their desk. These employees also tend to leave laptops on their desks overnight, sometimes without logging off, creating potential theft incidents and access to corporate and personal data.
8. Storing logins and passwords: One in five employees store system logins and passwords on their computer or write them down and leave them on their desk, in unlocked cabinets, or pasted on their computers. In some countries like China (28 percent), employees reported storing logins and passwords to personal financial accounts on their work devices, leaving their identity and finances at risk. The fact that some employees leave devices unattended magnifies this risk.
9. Losing portable storage devices: Almost one in four (22 percent) employees carry corporate data on portable storage devices outside of the office. This is most prevalent in China (41 percent) and presents risks when devices are lost or stolen.
10. Allowing “tailgating” and unsupervised roaming: More than one in five (22 percent) German employees allow non-employees to roam around offices unsupervised. The study average was 13 percent. And 18 percent have allowed unknown individuals to tailgate behind employees into corporate facilities.