A new report into data loss has found that businesses are at greatest risk from employees, with internal mistakes or malicious activity contravening data loss prevention policy and security systems.
An international study authored by Trend Micro shows that UK businesses, as well as those based in the US and the Far East, are amongst some of the most progressive in the world when it comes to dealing with data loss. However, even tighter security and overhauled regulations have not been able to mitigate the threat posed by human factors.
Respondents to the survey were asked if they were responsible for or were aware of an employee-generated leak of private data or business secrets. Over half of those questioned answered in the affirmative.
Webmail accounts which are managed improperly were identified as the most common source for leaks, with employees acting carelessly when using these accounts to send and receive information that can then be easily stolen or accidentally leaked.
Internal desktop computers were found to be the most secure. On the other hand portable computing devices such as laptops and smartphones have once more been identified as significant risks, as employees using them outside of the office tend to let their guard down and be less attentive to the security of the sensitive information that such devices invariably contain.
Interestingly it was discovered that although desktop users did not leak as much data as their colleagues with portable solutions, in fact it is desktop users who spend more time on social networking sites and other online portals not directly related to business matters during the working day. Social networking sites are becoming ever more intensively targeted by criminals looking to steal personal information in order to gain access to business systems at a later date.
Trend Micro’s David Perry said that he was unsurprised by the results of the report, and suspects that the majority of data security professionals will share this view. However, Mr Perry believes that it could be a wake-up call for many businesses that may have failed to realise that improper conduct by employees can have such a significant impact on data protection.
