When you think of security or data breaches, the picture that comes to mind is that of a hacker: someone who either creates a denial-of-service attack to lock you out of your system, or gets hold of your passwords and accesses privileged and confidential information. But the reality is that only 8% of data breaches are due to hackers.
The real causes of security loopholes are not external but internal to the organization.
“Most breaches are the result of lost or stolen employee portable electronic devices such as phones, laptops, backup tapes, CDs, and thumb drives.”
In fact, 35% of data breaches were caused by the loss of a laptop or other mobile devices, 32% by third party mishaps or mistakes, and 22% by malicious employees or other insiders. Security scanning and firewalls do little when a breach originates within an organization.
The most common reasons for the increasing incidents of lost and stolen employee portable devices are:
1. Forgetfulness
Employees today have access to more information than ever. In today’s digital world, companies use as many as 20 different software-as-a-service applications [1]. With digital behaviors such as swipe, tap, and scroll, the attention span of human beings has been greatly reduced. The human attention span has declined heavily in recent times, from 12 seconds in the year 2000 to just 8 seconds in 2015 (putting us lower than goldfish, with an attention span of 9 seconds) [2]. Forgetfulness leads to employees misplacing devices, using post-it notes to record passwords, or using the same password on multiple systems/devices.
2. Not notifying about lost devices
With a lower attention span and an inability to multi-task, incidents of lost devices have become more commonplace. Many times employees don’t report lost devices such as USBs, which can result in leaked data. Employees may be uncomfortable about the consequences of losing devices, and as there is often no means of rectifying the error, the loss goes unreported.
3. Use of work devices for personal activities
Using work devices for personal activities, such as accessing sites or opening files with macros, can open up enterprise systems to viruses or malware from unsecured sites. This can lead to serious damage to internal networks and systems and, in the worst case, to a shutdown of operations.
4. Clicking on ‘Remind me later’ for updates
The WannaCry ransomware attack on May 12th 2017 crippled the likes of Renault and Nissan and affected thousands of computers in many different countries. WannaCry exploited a vulnerability in Windows that then allowed it to lock up computers [3]. This could have been prevented by a simple Windows update that was already available but many of us chose to not install the update when it first came out. We are used to clicking on ‘remind me later’ instead of installing or even reading what the update contained. We all need a reminder that security is important and being proactive can pay off in the long run.
5. Dismissive attitude towards security
There is often a trade-off when completing day-to-day work between taking the more efficient route and taking the more secure one. Quite often, we choose the fastest way to get things done and, in doing that, make ourselves more vulnerable from a security perspective [4]. Surveys reveal that the workforce in general has a clear preference for convenience over data security [5].
6. Accessing information when they shouldn’t
When an employee is terminated, system/network access should be revoked immediately. Many times, though, due to a lack of proper workflows or processes, access is not revoked and ex-employees can still access the network. Depending on the relationship the employee had with the organization, this may open up the organization to malicious activity.
Organizational data security is being impacted by employee habits, and HR can have a big role to play in changing those behaviors. Learn more about the role HR can play in ensuring data security in our new Security white paper!
About the Author:
Marnie Larson is the CEO of StarGarden Corporation and oversees its operations in Canada, the US and New Zealand. She has over 20 years’ experience in the software industry and specializes in HCM, business process automation and workflow technology.
Follow Marnie on Twitter: @mblarson
References: