You may be surprised to learn that employees and other insiders can put an organization’s sensitive and confidential information at risk. In fact, security experts believe the threats posed by insiders are becoming more prevalent because of the mobility of the workforce, proliferation of mobile data-bearing devices and the consumerization of IT.
In its study The Human Factor in Data Protection, the Ponemon Institute found that employees losing laptops or other mobile devices, mishandling of data at rest and in motion, and malicious employees or other insiders are the root causes of many of the data breaches in organizations.
“Unfortunately, it seems that even when employees make unintentional mistakes most of these breaches are only discovered accidentally,” said the study findings. “Rarely do employees self-report the incident.”
The findings noted that while technologies are important in data protection, it is also “critical for organizations to reduce the risk of employee negligence or maliciousness through policies, training, monitoring and enforcement.”
The Ponemon Institute conducts independent research on privacy, data protection and information security policy.
10 risky practices
These are 10 risky practices that employees routinely engage in, according to the findings of the Ponemon Institute study.
1. Connecting computers to the Internet through an insecure wireless network.
2. Not deleting information on their computer when no longer necessary.
3. Sharing passwords with others.
4. Reusing the same password and username on different websites.
5. Using generic USB drives not encrypted or safeguarded by other means.
6. Leaving computers unattended when outside the workplace.
7. Losing a USB drive possibly containing confidential data and not immediately notifying their organization.
8. Working on a laptop when traveling and not using a privacy screen.
9. Carrying unnecessary sensitive information on a laptop when traveling.
10. Using personally-owned mobile devices that connect to their organization’s network.