SANTA CLARA, Calif., Feb. 5, 2007 – McAfee, Inc. (NYSE: MFE), today revealed new research indicating that while most American companies are investing in technology and policy to secure sensitive data from outside attacks, the threat of data loss at the hands of their own employees is what should have their attention. The study, conducted for McAfee by Illuminas, surveyed 300 office workers across the United States at companies with at least 200 employees. More than two-thirds of responses came from organizations with more than 1,000 employees.
The research suggests that most U.S. companies are establishing corporate policies to prevent data loss, with the overwhelming majority of respondents (84 percent) saying their company has a formal policy in place regarding the treatment of sensitive information. However, the research also reveals that many employees consistently disregard those policies. For example, 21 percent of all respondents admitted to leaving a confidential or sensitive document on a printer tray, and 22 percent said they sometimes lend to colleagues the portable devices on which they store work documents.
Key findings that demonstrate the danger American employees are posing to corporate security include:
More than reputations at risk
According to the Privacy Rights Clearinghouse, a nonprofit consumer information and advocacy organization, since February 2005 more than 100 million data records containing sensitive personal information of U.S. residents have been exposed due to security breaches. In addition to severely damaging a company's reputation, leaked customer or corporate data can result in legal action if the business violates regulations such as the Gramm-Leach-Bliley Act of 1999, California Senate Bill 1386, or the Health Insurance Portability and Accountability Act (HIPAA), which now force public notification of breaches of personally identifiable information. Senator Dianne Feinstein (D-Calif.) recently introduced the Notification of Risk to Personal Data Act, which would require businesses and government agencies to notify consumers under certain circumstances of data breaches.
Outside focus, inside threat
Threats to enterprise security have traditionally been viewed as originating outside the organization. Companies regularly spend thousands of dollars on technology products in an effort to stop intruders and malicious software such as viruses, trojan horses, worms, logic bombs and other harmful computer code from entering their corporate network. These products include anti-virus, anti-spam, firewalls and intrusion prevention systems, to name but a few.
However, while the majority of businesses scan their in-bound email for unsolicited content, many fail to check their internal and outbound email, essentially allowing the unauthorized transfer of data within or outside of the organization.
The growing use of portable devices by employees is also challenging the integrity and security of digital assets. Company laptops, USB sticks, mobile phones and MP3 devices make it easy to transport thousands documents at a time out of company parameters, but the vast majority of these devices go uncontrolled by IT departments.
“Data loss has been heralded as one of the most pressing issues facing organizations in 2007, and with almost all corporate information now existing in electronic form, it’s not hard to see how data loss at the hands of employees has emerged as a serious threat,” said Vimal Solanki, senior director of worldwide product marketing . “Companies must employ a basic risk management strategy, create policies and implement technology to secure data. But policy combined with technology that focuses on outside attacks alone clearly isn’t enough to protect companies from the threat of data loss. The harsh reality is that sensitive corporate data can easily end up in the wrong hands — deliberately or accidentally — because of employee behavior.”
A report of the survey results is available here
About McAfee, Inc.
McAfee Inc., the leading dedicated security technology company, headquartered in Santa Clara, California, delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector, and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security. http://www.mcafee.com.
NOTE: McAfee is a registered trademark of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. © 2006 - 2007 McAfee, Inc. All rights reserved.