Intelligent CIO Africa Issue 18 | Page 96

WHICH CORPORATE INFORMATION IS KEPT ON THE COMPUTER OF WHICH EMPLOYEE – YOU CAN LEARN IT EVEN BY ACCIDENT.
FINAL WORD

Information security specialists helped our client discover important documents stored locally on disk by one of the employees, who wasn’t allowed to access them. This is a serious violation of internal regulations and requires urgent investigation. The employee’s computer turned out to have remote control software installed which he simply didn’t need for his work. The investigation revealed that the employee suspected of the violation had no clue about the files stored on his computer. The actual culprit was a technical specialist who used the employee’s computer as temporary network storage before transferring confidential data to a third party.
2. Happy-go-lucky
The group of employees who become the perpetrators of leaks through negligence, ignorance or naivety.
A total of 44,000 customers of Federal Deposit Insurance Corp. (FDIC) became victims of a personal information leak due to the technical incompetence of a company employee who uploaded confidential data to a personal flash drive. Later it turned out that the information wasn’t used outside the organisation; however, with the help of special software FDIC was able to track the uploading of corporate information.
According to the Wombat Security 2017 State of the Phish Report, 28% of the employed UK population and 35% of the employed in the USA do not know what "phishing" is. In January 2017, a leak of the personal data of 4,000 employees happened through the fault of colleagues who followed a link asking them to fill in the necessary tax forms. The letter, which was sent on behalf of the CEO, turned out to be phishing bait.
3. Skeletons in the closet
Such employees are harmless until something provokes them. Their personal lives hide some ‘hook’ which attackers might want to benefit from. It can be anything from debts, drug or alcohol addiction to adultery or other private details. Information security specialists put such employees in the risk group, because criminals can use their secrets to blackmail members of staff.
Incidents that occur due to ‘innocent victims’ can be detected (and even prevented) only by information security specialists. The ‘victim’, besides being unaware of what is going on, is ineffective in finding and neutralising the attacker due to a lack of technical skills and professional knowledge. Employees with ‘skeletons in the closet’ should be kept under permanent control. IS specialists tend to react promptly to incidents originated by this type of employee. Information leaks caused by employees from the second group – happy-go-lucky – happen more often because of their criminal carelessness and negligent attitude towards the basic set of rules. Let us give some examples:
1. All mine is yours
Information security specialists detected account activity on the computer of an employee who was on vacation and didn’t have to show up even remotely. It turned out that before the vacation he had handed all his passwords over to a colleague so that he wouldn’t be disturbed with constant inquiries. The company's rules forbade access sharing. The employee's computer held confidential information which, if leaked, would lead to serious financial and reputational loss. The company managed to avoid a data breach, though the incautious employee was warned about possible threats and instructed.
2. Innocent request for technical assistance
Which corporate information is kept on the computer of which employee – you can learn it even by accident. For example, thanks to an email sent by an employee asking for technical assistance. According to the Winnipeg Free Press, the leaked data of 3,700 employees was discovered when one of the colleagues sent an email containing the information while making a request for technical assistance.
3. Force majeure
A Whitehead Nursing Home employee not only survived a burglary and lost valuable belongings, but also became the reason why his employer paid a fine of 15,000 pounds. On the day he took home the corporate laptop with unprotected information, his house was robbed. According to BBC News, the confidentiality of data relating to 46 employees and 29 patients was violated.
According to the SolarWinds survey, the majority of unintentional information breaches occur due to phishing, copying data to unprotected devices, loss of storage devices or use of personal hard drives, accidental deletion or modification of information, use of corporate passwords outside the internal network, neglecting to update protection systems, and incorrect configuration. According to the survey among federal agencies conducted in 2017, there was an increase in deliberate insider leaks – 29% vs 22% in 2016. Nevertheless, 44% of respondents indicated that unintentional leaks are the main threat to information security.
Jorina van Rensburg, Managing Director at Condyn