Employees are responsible for most data breaches, according to survey

September 25, 2012

Although recent events may suggest otherwise, hackers are not the main reason for the rise in data breaches. According to a recent Forrester Research report, most breaches are caused by employees who have lost their devices, misused company information, or had laptops or smartphones stolen, Computer World UK reported.

Information breaches caused by lack of security
Based on the research firm's results, which surveyed 7,000 IT executives and ordinary employees in North America and Europe, 31 percent of employees said their companies' networks were breached because they lost a device or someone stole a USB or laptop, while 27 percent of respondents said they misused information. Data breaches caused by cybercriminal attacks, on the other hand, accounted for 25 percent of cases.

The introduction of the bring-your-own-device (BYOD) movement is partially responsible for many reported information breaches, according to the news source. Although corporations do have a mobile policy, it is difficult to enforce how employees use a device designated for both personal and business matters.

Government guilty of lax security procedures
A recent study from tech security firm Rapid7 shows that even politicians and bureaucrats are guilty of negligence. In the past three years, the United States government experienced a number of breaches that resulted in the exposure of 94 million American files, reported Adam Levin for Credit.com. The high number of data breaches proves that federal workers, who are sworn to protect the identities of their constituents, are not well-versed in data protection.

The disclosed number, which has doubled from the total last year, is a conservative prediction because the study only takes into consideration the reported breaches and incidents that have yet to be identified. In fact, some government agencies are not required to publicly announce data breaches or notify possible victims.

Backing up the findings of the Forrester Research survey, the Rapid7 survey shows that only 40 of the government incidents (15 percent) accounted for the numerous breaches since 2009. Seventy-eight percent of breaches occurred because federal employees accidentally posted citizens' private information online or sent it to the wrong person. Forty-six percent were caused by the loss of physical documents, while 51 percent of cases were because a worker lost a device like a laptop or smartphone. Many of the personal devices also did not have network security, encryption or passwords that might inhibit a person from accessing sensitive data.

The Government Accountability Office has taken measures and provided guidelines for government agencies to follow; however, out of the 24 major agencies, the GAO found that 18 of the departments had inadequate controls, reported Levin.

Because security breaches have become a problem in recent years, it is important that businesses and agencies take responsibility and monitor the security of their devices, whether they are desktops, laptops or smartphones. Consumers rely on these organizations to protect data, but if workers fail to follow measures, it will be easier for a criminal to gain control over someone's identity.

Installing the most basic form of security, like passwords, could make the difference in the exposure of someone's personal information; however, 25 percent of respondents to the Forrester Research report are still not using any form of protection at all. Companies should monitor their employees' activity and educate them on safety policies and data loss prevention. They should also ensure that software and firewalls are installed onto workers' mobile devices and laptops.

While the government debates the 2012 Cybersecurity bill that outlines mandatory action, business owners should take steps to install controls and prevent hackers from easily gaining control of sensitive information.

-McAfee Cloud Security