How Risky Employee Behavior Harms Information Security
We all know the theory that employees are the weakest link in the information security chain, and that insider threats are much worse than external threats. With the rapid growth of network-based collaboration, data leakage due to a lack of documented best practices has become a significant cause of revenue loss to organizations worldwide.
But how does employee bad behavior actually harm information security? And how likely is it to happen?
Here are the most common risky or unauthorized employee behaviors that pose an IT security threat to companies -
Sharing Login Credentials
Approximately 20% of employees share login credentials with their colleagues, according to a study by Sailpoint. Even worse: the aforementioned study claims that 14% of employees would provide passwords to unauthorized outsiders if they were paid as little as $150 by the unauthorized parties to do so.
Unauthorized Use of Confidential Information
23% of workers admit to having inappropriately taken their employer’s confidential information out of the workplace, and 10% do so regularly, according to a study of British workers by LogRhythm. The most accessed confidential data, according to the study, is salary information (at 38 percent) and details of colleague bonus schemes (23 percent). Besides the direct issue of the employee taking the data out to begin with, there is another serious concern: once an employee has stolen data from an organization, how well do you think he or she will actually protect the data from hackers?
Unauthorized Access of Employer Data
According to the same LogRhythm survey there is little consequence for unauthorized accessing of employer data: 94% percent of the people who admitted to inappropriately accessing -- or outright stealing -- confidential information from their employers stated that they had never been caught, and, obviously, therefore, were never punished.
Misuse & Trade of Confidential Information
22% of employees admitted that they would sell sensitive corporate information for the cost of a meal for two at a top restaurant, and more than half of all employees polled would sell such information for the cost of a new laptop, according to a survey by Data Loss Prevention firm, Clearswift, which also partners with SecureMySocial to provide data loss prevention for Social Media.
Data Leaks with Unregulated Social Media Use
1. On that note: in sales and other meetings relate to selling SecureMySocial’s technology that warns employees if they are making social media posts that may harm themselves or their employers, I have encountered numerous horror stories of people leaking all sorts of proprietary data via social media posts. How many businesses already have technology that can catch such posts in real time? Close to zero.
2. Furthermore, many employees do not even feel guilty about failing to protect data whether on social media or otherwise. According to the Clearswift survey mentioned above, almost a quarter of all employees polled stated that they believe that “company data is not my responsibility at all.” You read that correctly.
Intellectual Property Theft
Almost half of people who leave their jobs would steal intellectual property belonging to their former employers, and approximately 40% would use such information at new jobs, according to a Symantec whitepaper.
Compromising IT Security for Personal Use & Benefit
1. According to a recent study by Firemon, more than half of information technology professionals polled admitted to “adding access that they know had decreased their organization’s security posture.” In other words, more than half of the IT workers surveyed took actions that they knew worsened security.
2. According to the same Firemon study, more than a quarter of the information technology professionals polled by researchers admitted to cheating in various ways in order to pass audits.
3. Further, a CISCO survey revealed that employees compromise the security of their corporate assets for various reasons, including bypassing policy for personal use.
Fig. Why Did I Alter My Company-assigned Computer’s Security Settings?
These figures and trends paint a clear picture: Insider risks to corporate security are very real – and very serious.
About the On-Demand Webinar
About the Webinar