Three new studies touch on elements of the same key point: Employees—even senior managers—remain one of the largest information security risks.
You pick the right passwords. You limit access to VPNs and encrypt your association’s most sensitive data.
But sometimes the biggest problem isn’t an outside threat but employees within the organization who may not be attuned to the nuances of security, according to three separate studies from different IT consultancies. Some highlights worth keeping in mind:
The carelessness factor: The first study, from the U.K. technology firm SecureData, found that most of the 110 IT professionals surveyed pointed to employee carelessness as their biggest security risk (60 percent), far above common sources such as data theft (13 percent) and external malware (10 percent). Many of those polled (40 percent) said that educational efforts would help, but 25 percent raised organizational concerns that made it a challenge to implement a secure management policy.
Malware an issue: Meanwhile, a separate study by Osterman Research suggested that many IT professionals are worried about employees unwittingly installing malware. Roughly three-quarters (74 percent) of the 160 respondents said their networks have been compromised by a web-based piece of malware in the last year, while 58 percent said that mobile devices were targeted and 64 percent said email was a major pain point.
Managers a problem, too: Finally, a Stroz Friedberg study pinpointed the senior management team as a source of security risks. “Senior management—those who often have high levels of access to valuable company information—admitted to partaking in risky behaviors most readily,” the study stated. “Personal technology preferences contributed to many of the transgressions.” Among the major manager missteps: 87 percent of those surveyed admitted to uploading work files to a personal email or cloud account; 58 percent have sent an email to the wrong person; and 51 percent have held onto proprietary company files after leaving a job. The problem is exacerbated by the rise of the bring-your-own-device (BYOD) trend, according to the study.
With user choice often running against the need for information security, how do you strike a balance?