
Information Security Risks Linked to Employees

July 1, 2009
Image credit: Computerworld UK

Forget about blaming hackers and competitors for a security breach of your business’s information. According to a recent ComputerWeekly article, an organization’s own employees are often the biggest threat to the security of its information.

“The majority of major data breaches that have occurred over the past 18 months can be directly attributed to employee behavior, an inability to follow policies and procedures that has had catastrophic results; millions of personal records being compromised, a plethora of government investigations, heavy fines and sanctions, reputational damage and the media baying for blood.”

This is something we’ve talked about before but it remains a massive misperception among IT and business executives that the largest threats are those outside your own walls. So, what’s an organization to do?

First, every organization needs to make a commitment to information security. As an increasing number of an organization’s most valuable assets – from intellectual property records to contracts – are kept in electronic format, this often means making a commitment to ensuring those records are protected and that, if necessary, the organization can establish that these records haven’t been tampered with. Investing in products such as Surety’s AbsoluteProof can help alleviate these worries of tampering by providing data integrity assurance with the technology of digital timestamping. Pinpointing the exact moment an electronic document is illegitimately altered, AbsoluteProof provides legally verifiable evidence of data authenticity, ensuring the protection of some of your most valuable assets.

The amount of time and effort invested in the technologies behind your security measures should equal the energy you put toward educating and training employees about their respective IT responsibilities. Employees need to understand the procedures they must follow in order to effectively secure information. Compliance regulations and expectations must be communicated on a regular basis, keeping up with the ever-changing IT landscape.

In order to do this and manage “user accountability and awareness,” organizations should follow the guidelines listed below as described in the article. You’ll notice that automation plays a big role in the process – that’s because according to this article, automating key security processes has proven to increase user awareness of security risks by 30 percent within three months.

  • Automate the policy creation process so that you can quickly create or modify policies already in place.
  • Implement automatic targeting and scheduling technologies so that you can be sure you’re targeting all your users.
  • Require a response from a user each time he/she breaks the code of conduct so that you can have proof of communication relating to the event.
  • Automate surveys and risk assessments to challenge your employees’ knowledge and share an outline of your current IT security position.
  • Implement products with skilled reporting capabilities so that you can better identify and prevent risks down the road.
  • Implement automation so that you can establish a routine process, thus increasing your chances of reliable IT security.

So, do you agree or disagree with these recommendations? What is your organization doing to protect against internal security threats?

2 Comments
  1. December 26, 2009 9:40 pm

    I’ve learned so much from this blog. Hopefully others can find value in my site as well.


  1. Information Security Risks Linked to Employees « The Power of Proof
