How Risky Employee Behavior Harms Information Security

How Risky Employee Behavior Harms Information Security

Joseph Steinberg

Published on July 20, 2016


We all know the theory that employees are the weakest link in the information security chain, and that insider threats are much worse than external threats. With the rapid growth of network-based collaboration, data leakage due to a lack of documented best practices has become a significant cause of revenue loss to organizations worldwide.        

But how does employee bad behavior actually harm information security? And how likely is it to happen?

Here are the most common risky or unauthorized employee behaviors that pose an IT security threat to companies -

Sharing Login Credentials

Approximately 20% of employees share login credentials with their colleagues, according to a study by Sailpoint. Even worse: the aforementioned study claims that 14% of employees would provide passwords to unauthorized outsiders if they were paid as little as $150 by the unauthorized parties to do so.

Unauthorized Use of Confidential Information

23% of workers admit to having inappropriately taken their employer’s confidential information out of the workplace, and 10% do so regularly, according to a study of British workers by LogRhythm. The most accessed confidential data, according to the study, is salary information (at 38 percent) and details of colleague bonus schemes (23 percent). Besides the direct issue of the employee taking the data out to begin with, there is another serious concern: once an employee has stolen data from an organization, how well do you think he or she will actually protect the data from hackers?

Unauthorized Access of Employer Data

According to the same LogRhythm survey there is little consequence for unauthorized accessing of employer data: 94% percent of the people who admitted to inappropriately accessing -- or outright stealing -- confidential information from their employers stated that they had never been caught, and, obviously, therefore, were never punished.

Misuse & Trade of Confidential Information

22% of employees admitted that they would sell sensitive corporate information for the cost of a meal for two at a top restaurant, and more than half of all employees polled would sell such information for the cost of a new laptop, according to a survey by Data Loss Prevention firm, Clearswift, which also partners with SecureMySocial to provide data loss prevention for Social Media.

Data Leaks with Unregulated Social Media Use

1. On that note: in sales and other meetings relate to selling SecureMySocial’s technology that warns employees if they are making social media posts that may harm themselves or their employers, I have encountered numerous horror stories of people leaking all sorts of proprietary data via social media posts. How many businesses already have technology that can catch such posts in real time? Close to zero.

2. Furthermore, many employees do not even feel guilty about failing to protect data whether on social media or otherwise. According to the Clearswift survey mentioned above, almost a quarter of all employees polled stated that they believe that “company data is not my responsibility at all.” You read that correctly.

Intellectual Property Theft

Almost half of people who leave their jobs would steal intellectual property belonging to their former employers, and approximately 40% would use such information at new jobs, according to a Symantec  whitepaper.

Compromising IT Security for Personal Use & Benefit

1. According to a recent study by Firemon, more than half of information technology professionals polled admitted to “adding access that they know had decreased their organization’s security posture.” In other words, more than half of the IT workers surveyed took actions that they knew worsened security.

2. According to the same Firemon study, more than a quarter of the information technology professionals polled by researchers admitted to cheating in various ways in order to pass audits.

3. Further, a CISCO survey revealed that employees compromise the security of their corporate assets for various reasons, including bypassing policy for personal use.

Fig. Why Did I Alter My Company-assigned Computer’s Security Settings?

aligning computer's security setting

These figures and trends paint a clear picture: Insider risks to corporate security are very real – and very serious.


About the Author

The author is the CEO of SecureMySocial, a renowned cyber security thought leader, and author of several books on the topic, including (ISC)2’s official study guide for the CISSP-ISSMP exam. Recognized by Onalytica as one of the top cyber-security influencers in the world, he is also the inventor of several IT Security technologies widely-used today; his work is cited in over 100 published US patent filings. He is also one of only 28 people worldwide to hold the suite of advanced information-security certifications, CISSP, ISSAP, ISSMP, and CSSLP, indicating that he possesses a rare, robust knowledge of information security that is both broad and deep.


... ...



Published on {{detail.created_at| date}} {{detail.duration}}

  • {{}}
  • Views {{detail.downloads}}
  • {{detail.time}} {{detail.time_zone_code}}



About the On-Demand Webinar

About the Webinar

Hosted By





About the E-book

View On-Demand Webinar

Register Now!

First Name*
Last Name*
Phone Number*

View On-Demand Webinar

Register Now!

Webinar Expired

Download the Ebook

{{ queryPhoneCode }}
Phone Number {{ detail.getCourseAgree?'*':'(optional)'}}

Show full article video

About the Author


About the Author