Subscribe to the InfoTech eNewsletter

infoTECH Feature

December 16, 2013

Employees Are as Much a Threat to Data Security as External Threats

Many of us like to say that our company is like a family, but the truth is that most are not. And one of the implications of that is that money matters more than our commitment to our company when push comes to shove.

This is exactly what employers fear when it comes to corporate data.

A recent study by Loudhouse found that 45 percent of those surveyed think that employees will happily steal corporate data and sell it if the price is right.

The study, which surveyed more than 400 IT executives at firms with greater than 5,000 employees, discovered that inside threats are just as much a concern for IT professionals as those of external threats.

Worryingly, almost half of these executives said they do not believe their company has effective internal controls to prevent such theft. They cite a lack of effective access controls, and a lack of confidence that they could adequately revoke complete access when an employee leaves the company.

Bring-your-own-device and cloud services have meant that data is leaking from most corporate systems. More than half of those surveyed by Loudhouse said that employees have access to documents they should not be able to see, and an equal number said that in the past they have discovered former employees trying to access corporate IT systems after leaving the company.

Roughly 83 percent of large companies surveyed said they allow employees to bring their own devices, but only 41 percent had an automatic system for removing mission-critical data when the employee left the company. Six percent went even farther, admitting that they knew corporate data was walking off with former employees.

“Many organizations are struggling to manage 'who has access to what?' across the enterprise,” said Jackie Gilbert, founder of SailPoint, which commissioned the study. “It's pretty clear that if you're not proactively managing cloud and mobile access today, you're at increased risk of fraud, data theft, and security breaches.”

Of those surveyed, 53 percent have suffered a security failure, and 51 percent admit that it is “just a matter of time” before their systems are compromised.

The biggest points of failure are an inability to get a full picture across all systems, an over-reliance on IT support, and an inability to manage new technologies, the study found.

Firms that are not actively using mobile device management (MDM) solutions are playing with fire in these days of easy data portability. And even among those that are, it is important that a disciplined, well-conceived data management system is in place.

Edited by Cassandra Tucker

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers