Forevermore, information security will be of the utmost concern to any enterprise. As we all know, data breaches can wreak havoc on the livelihood of individuals and businesses alike. Unfortunately, many of these break-ins stem from mundane lapses in what should have been basic security practices, whether on the part of junior employees or even C-level executives. What follows is a statistical summary of common bad practices that expose companies to serious security threats, along with some straightforward suggestions on how they can be mitigated. For the visually inclined, accompanying is an explanatory infographic compiled by the Collat School of Business of the University of Alabama at Birmingham.
Over 80% of companies in the United States believe that end-user carelessness and employee negligence are their biggest threats to security. Here are some points that support their concerns:
- Over 50% of senior managers have accidentally sent sensitive information to an unintended recipient.
- 51% of senior managers have taken private files from a workplace along with them after moving on to another job.
- Over 85% of business owners regularly move company files and data between business networks and personal networks or cloud storage, and 63% of that group use the same password for both systems.
- Three percent of US full-time employees admit to using the same small collection of passwords for their online needs. A third of that percentage admit to using fewer than five passwords to access as many as fifty different websites, regardless of the context in their personal or professional lives.
- Over 40% of businesses believe that personal mobile devices are a security concern. Compounding the issue, 15% of employees believe that they have little or no responsibility for safeguarding the data stored on their devices.
Perhaps worst of all, over a third of US companies have no plans whatsoever for mitigating internal security problems, and thus by default, their primary deterrent from being compromised is the personal responsibility of their employees and their business leadership.
Clearly, there’s a lot of room for improvement, especially when so many problems arise from carelessness or even apathy about security. It’s been common knowledge for years that reusing passwords, sharing passwords, leaving computers unattended, and paying no mind to the security of personal devices produce easily exploitable situations for attackers.
So why do such preventable lapses persist? Until someone is actually impacted by a data breach, it’s easy to adopt an “it’ll never happen to me, and if it did, how bad could it really be?” sort of attitude, but raising awareness is key – for all employees regardless of their seniority.
Take a minute to consider the attitude towards information security in your own workplace. Chances are that, at the very least, sensitive information about employees is stored by your organization. Many easy-to-implement best practices still aren’t commonplace. If you notice that data security policies are lax, here are some simple pointers that can go a very long way in reducing vulnerability at the workplace:
- Encourage the creation of a written set of security guidelines that can be posted in a highly visible area (naturally, policies don’t do any good if they aren’t seen or enforced).
- Limit or eliminate any overlap between employees’ personal devices and access to sensitive company material.
- Create physical restrictions that limit access to personal data stored on business machines.
- Destroy any old or unnecessary sensitive information in a timely manner.
- Host an employee orientation on information security and emphasize the damage that can be done by allowing a least-effort approach.