Risky Employee Behavior & the Need for Data Loss Prevention

Aug 23, 2012 | Security

contributed by Grant Hegerberg, WatchGuard Technologies

It stands to reason that not all data loss from within an organization is malicious. In fact, in most cases data loss is the result of common mistakes that employees make. To understand the risks employees pose to our confidential data, it is important to understand common risky behavior, as well as the common errors that heighten the risk of data loss and spur the need for data loss prevention.

Sending Confidential Documents to Personal Email Addresses

Many of us are guilty of this. Rather than take home our company‐issued laptops to work on a document that contains sensitive data, we send the document to our personal email account, like Hotmail or Gmail, intending to work on it when we have a moment over the weekend. The issue here is that this behavior poses a high risk to the confidential data being transmitted because these types of applications do not use the same security standards or email encryption that have been implemented throughout company email networks. Although you may have stringent policies on what can be sent via email, if you do not have the same protection in place across the web, then this sensitive information may be at risk as it passes through mostly unmonitored waypoints.

Human Error

With all of the automation and new features being introduced in business communications tools and applications today, the likelihood of human error as a threat vector has never been higher. Consider, for example, the Microsoft Outlook AutoComplete Email Address feature, in which the system populates the “To” field of an email by detecting the first few letters typed by the sender and filling in the first name that matches. Unless the employee is diligent in checking that the recipient address is the intended one, sensitive data can end up in the wrong hands.

Unauthorized Sharing of Corporate Computer Resources

Many employees bring their company‐issued laptops home and share the devices with friends and family members. Occasionally, an employee, in an effort to provide guidance or mentoring to a friend, may even share a document with a personal contact to provide a sample template. Or, on the flip side, an employee may share a confidential document with a friend to get some brainstorming ideas. Consider a third scenario whereby employees do not lock their desktops when leaving their desks, leaving sensitive information exposed should someone access the employee’s computer. Although not malicious in nature, this type of behavior is another example of common root causes of unintentional data loss.

Abuse of System Access and Privileges

System access can be used for any number of malicious tactics by employees, but it also accounts for 46% of data breaches. This involves the malicious use of information assets to which an employee is granted access. Even more alarming is that 51% of data breaches that originate from internal sources come from regular employees (see chart at right).

These are just some examples of risky employee behavior that contribute to the likelihood of unauthorized data loss. Now, more than ever, companies have to be diligent not only in creating a strong data loss prevention policy management program, but also in implementing and monitoring it to identify violations and security gaps.

Organizations owe it to themselves and their customers to keep information from falling into the wrong hands. At the same time they need to ensure that legitimate business processes and communications are not hindered.

An effective data loss prevention (DLP) solution can accomplish this by providing the ability for compliance and policy officers to create granular outbound policies by user, group or domain. Different people have varying roles and responsibilities; having a DLP solution that recognizes this and enforces appropriate, user‐ or group‐level policies while not hindering the regular course of business is imperative.
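To make the idea of user-, group- and domain-level outbound policies concrete, here is an added sketch (not code from this article or from any WatchGuard product) that evaluates outbound mail, including the personal-webmail case described earlier. All addresses, group names, domains and keywords are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample data: every address, group and domain here is illustrative.
PERSONAL_WEBMAIL = {"gmail.com", "hotmail.com"}
SENSITIVE = re.compile(r"\b(confidential|internal only)\b", re.I)
GROUPS = {"alice@example.com": {"legal"}, "bob@example.com": {"sales"}}
RANK = {"user": 0, "group": 1, "domain": 2}   # lower rank = more specific

@dataclass
class Policy:
    scope: str          # "user", "group" or "domain"
    subject: str        # sender address, group name or sender domain
    allowed: frozenset  # recipient domains that may receive sensitive content

POLICIES = [
    Policy("domain", "example.com", frozenset({"example.com"})),
    Policy("group", "legal", frozenset({"example.com", "outside-counsel.example"})),
    Policy("user", "cfo@example.com", frozenset({"example.com", "auditor.example"})),
]

def effective_policy(sender):
    """Most specific matching policy wins: user, then group, then domain."""
    sender = sender.lower()
    domain = sender.rsplit("@", 1)[-1]
    matches = [p for p in POLICIES
               if (p.scope == "user" and p.subject == sender)
               or (p.scope == "group" and p.subject in GROUPS.get(sender, ()))
               or (p.scope == "domain" and p.subject == domain)]
    return min(matches, key=lambda p: RANK[p.scope], default=None)

def evaluate(sender, recipients, body):
    """Return (verdict, reasons) for one outbound message."""
    if not SENSITIVE.search(body):
        return "allow", []   # ordinary mail passes untouched
    policy = effective_policy(sender)
    reasons = []
    for rcpt in recipients:
        rdomain = rcpt.rsplit("@", 1)[-1].lower()
        if rdomain in PERSONAL_WEBMAIL:
            reasons.append(f"{rcpt}: personal webmail")
        elif policy is None or rdomain not in policy.allowed:
            reasons.append(f"{rcpt}: outside sender's allowed domains")
    return ("block" if reasons else "allow"), reasons
```

The same sensitive message is allowed for a member of the constructed `legal` group and blocked for a `sales` user, which is how role-aware policy avoids hindering legitimate business while still catching a misaddressed or personal-account send.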

