“Can you or someone sitting right besides can be a threat to data security”
Today, companies are always exposed and alert to various data security threats. The consequences range from sheer embarrassment to pricey lawsuits and major clean-up tasks especially when client’s confidential data is concerned. Although many businesses around the world have taken initiative to improve the security level, others consider human biasness as a likely cause. As per Voice of IT report; human error is deemed the biggest and closest threat to secure IT of an organisation. And it becomes a more pain-in-the-neck when divided into three categories; careless, uninformed and disgruntled employees.
Though utterly humiliating, a general research proved that employees taking information out of the business environment and leaving it unintentionally at a public place are the biggest threat to data breach. Perfect example can be of a USB stick found in a car pub containing passwords of government computer system in the UK; this happened in 2008.
Another example following the same year is of a Lancashire health worker who accidentally dropped a memory stick bearing criminal record and personal information of around 6,000 present and past prisoners. Data was however encrypted whereas password was written behind the USB pen. If that’s not all, an engineer employed at Apple left a 4th generation iPhone’s prototype which was then not released in a bar in California.
While these are only a few out of dozen examples, the lesson to learn here is companies should seriously consider before allowing employees to take critical information off the business premises. As internet, emails, corporate files and much more can be easily accessed on-the-go through wireless network, treating the security threat right at the core is more important than ever. External USB drives with all the information downloaded as well as an unlocked smartphones logged into corporate system are some of the major threats to consider nowadays.
The disgruntled and dissatisfied workers pose a much bigger risk. Designation here matters most as a senior employee mightn’t have access to just the confidential information and documents but admin accounts, networks, codes and data centres as well.
A few cyber experts argue that it was a sullen employee responsible for the costliest Sony Pictures hack in 2014 and indeed not an attack from North Korea. While the debate rages on, Sony accepted that some employees wield unimaginable power and underestimating them may cause businesses a serious blow.
Albeit priciest, the hack isn’t the only example of an angry worker. Check another example that’ll give you a jolt!
Los Angeles, 2008 – Terry Childs, the city network administrator reset the passwords of FibreWan network being a very disgruntled employee. He denied restoring and returning the passwords that brought Los Angeles to a complete digital curfew which lasted for several days.
Though Child is responsible here, human biasness of his immediate superiors is also to blame as why so much freedom and responsibility is vested. We learn from this that no matter how valuable an employee is; excess freedom especially when admin rights are concerned mustn’t be given. A solution to this is introducing several administrators rather than relying on one to purge an internal attack.
Transmission from the French television station in 2015 was affected due to hackers that were believed to be a part of terrorist group while its social media accounts and websites were also targeted. Following the day of the event, staff from the television station was interrogated about the attack in front of a background wall having several sheets of confidential business details. The sheets are considered a list of company’s accounts and passwords related to social media.
While some of the passwords were as simple as that of YouTube, the ultimate lesson to learn here is educating the workforce about the importance of data security. With outgrowth of social media, threats such as password leak, accounts hacked, virus attachments and so on have also risen. Proactivity is thus vital to the wellbeing of entire corporate IT infrastructure.
Employee training sessions are thus crucial and a little investment from higher-ups would strengthen the company from within as well as identify threats before they strike. While fear of the unknown is justified, the real security threat can be from the devil sitting right beside you!