Complain about a product or service

Survey: Employees Are Biggest Threat To Data Security

By Martin H. Bosworth
ConsumerAffairs.com

June 28, 2006

Data Theft • 68,000 CalOptima Members at Risk in Data Breach • Express Scripts Extortion Scheme Widens • Technology Could Be Key To Stopping Unauthorized Charges • T-Mobile: No Hacking in Data Breach • T-Mobile Confirms Data Breach • Consumers Increasingly Concerned About Online Transactions • Are Identity Theft Services Worth the Cost? • Online Tools Help Spot Financial Fraud • Financial Fraud Hits 7.5 Percent Of Americans In 2008 • Feds Charge Mortgage Broker In Potential Data Breach • Millions of Credit Cards Exposed in Data Breach • 2008 Data Breach Total Soars • Bank Data Breach Threatens 248,000 in North Carolina • GPS Not Foolproof • Countrywide Warns Millions of Data Breach • Thieves Steal AT&T Laptop with Employee Data • Report: Data Breach Disclosure Laws Don't Affect Identity Theft • Patient Information Exposed in Data Breach at Walter Reed • Supermarket Chain Reports Data Breach • Report: Feds Still Not Doing Enough To Secure Data • Data Thieves Hit Georgetown University Students, Faculty • 800,000 Job Seekers At Risk In Gap Data Breach • TJX Data Breach Settlement Has Strings Attached • More ...

An audit finds that the biggest risk of data breach or theft comes from careless employees or consultants who don't properly secure the data they are entrusted with.

The audit, conducted by the Palisade Systems network and data security company, surveyed companies that had reported data breaches or thefts in the past year to the nonprofit Privacy Rights Clearinghouse, and reviewed their security policies and procedures.

According to Palisade Systems' audit report of the 126 companies surveyed, over 54 percent lost data or suffered a breach due to employee error, with 34 percent being due to outside hackers or other intrusion attempts, and the rest due to other causes.

Dr. Doug Jacobsen, Palisade founder and director of Iowa State University's "Information Assurance Program," claims that there isn't enough content filtering or monitoring technology designed to pick out specific bits of data and prevent them from being transmitted.

This technology -- which Palisade specializes in -- would enable employers to better monitor data their employees send out, and prevent them from circumventing security measures designed to protect against outside intrusions.

"All of sudden, employers are realizing that the biggest security threat they face to the sensitive data they are storing and/or sending is now coming from employees who can't get caught by the millions of dollars of security technology designed to prevent the bad guys from getting in," Jacobsen said.

"If employers are going to prevent and stop their customers' sensitive data from falling into the wrong hands, they seriously need to consider investing in content monitoring and filtering technology."

According to the Privacy Rights Clearinghouse, over 88 million Americans have had their identity endangered as the result of data breaches between February 2005 and June 2006.

The total includes all instances of reported data theft, both physical and electronic.

The Government Accountability Office has issued multiple reports emphasizing the dangers of letting third-party contractors handle sensitive data such as individual Social Security numbers. Private contractors are not bound by the same rules as government agencies, and often will have greater access to data with less accountability.

Although content management and security tracking may do more to prevent the transmission of secured information electronically, it does not prevent physical theft or loss of stored data.

The most prominent cases of employee-based data breaches in recent months have been due to laptop theft or loss, such as the Veterans Administration data breach, caused when an unidentified analyst took the records of 26 million veterans and personnel home with him and then reported that a thief burglarized his home, stealing the laptop the records were stored on.

Many other data breaches have not been caused by employee error, but by lax security policies and lack of oversight, or by businesses improperly storing data without protecting it.

The multiple breaches of information records at Ohio State University were made possible by the university collecting information on people, often without their consent, and failing to secure known data vulnerabilities for over a year.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Share		Follow us on Twitter.

Back to the top |