Lepide Blog: A Guide to IT Security, Compliance and IT Operations

Common Mistakes Employees Make That Lead to Data Leakage


According to a survey conducted by Cisco, “In the past two years, more than 250 million confidential records were reported lost or stolen”, and many of these incidents were perpetrated by insiders. That’s not to imply that your staff members are crooks; they’re often just careless or ill-informed about the consequences of their actions. To make matters worse, broader data access methods and the transportability of data are creating even more opportunities for organisations to carelessly expose or misplace their data. This is becoming a major concern for most businesses.

The loss of certain intellectual property, such as business plans, financial data, and information about potential mergers and acquisitions, could seriously tarnish a company’s reputation and threaten its competitive advantage. In addition, failure to comply with the relevant data protection laws and regulations can lead to hefty fines, and these fines will go up once the GDPR has come into effect. It is clearly very important for organizations to understand the common mistakes employees make that lead to both the leakage and loss of sensitive data.

Below are some examples of the type of employee behavior that may lead to data leakage:

Using Applications Without Authorization

Misusing Corporate Computers

Accessing Both Physical and Network Facilities Without Authorization

Workers sometimes allow unauthorized individuals to enter a facility and move around without supervision, a practice referred to as “tailgating”. The unauthorized individual is then able to steal information and resources. Likewise, employers themselves are often the main perpetrators of such theft.

Working Remotely in an Unsafe Manner

Misuse of Login/Logout Procedures and Password Policies

According to Cisco, “at least one in three employees said they leave their computers logged on and unlocked when away from their desk”. Likewise, many staff members store their login credentials on their devices, or on paper left on their desks. Organizations need to regularly remind their employees about the importance of logging out of their devices and keeping their credentials safe.

Conclusion

It is important for organizations to have a clear understanding of why employees choose not to comply with security procedures. The Cisco survey revealed that 44% of employees would share information in an unauthorized manner as they “needed to bounce ideas off people”. 30% said they “needed to vent”, and 29% didn’t believe they were doing anything wrong. Sometimes employees just ignore security protocols to view an unauthorized website, believing that no one would find out. Employees often share their work device with family members, as it’s cheaper than buying one for themselves. Unhappy or disgruntled employees may intentionally put company data at risk. Another common problem is that employees often prefer to use their own personal email accounts, even if doing so violates company policy.

There is no magic bullet when it comes to preventing data leakage. Employers often put too much of their faith in technology alone. It is important that organizations focus on processes, policies, and education before investing in technology. In addition, it is important that employers keep a close eye on suspicious behavior exhibited by their employees.