Insider security threats from well-meaning workers

US government and corporate workers have said in a survey that they engage in behaviour that puts the sensitive information of their organisations at risk.

US government and corporate workers have said in a survey that they engage in behaviour that puts the sensitive information of their organisations at risk.

An RSA "person-on-the-street" survey has revealed that the actions of well-meaning corporate and government employees are putting data at risk, and highlights the need to closely manage information risk, said RSA.

The survey polled an unspecified number of government and corporate office workers in Boston and Washington DC on their work-related security behaviours and attitudes.

The results provide a snapshot of the everyday actions of trusted insiders who have access to sensitive data, such as customer information, social security numbers, credit card data, company financials and intellectual property.

The survey results indicate that trusted insiders may work around unmanageable security policies in order to get their work done.

For instance, employees who do not have remote access may e-mail a document to their personal email address so they may work on it later from home - an action that violates most organisations' stated security policy.

The survey found that 35% of respondents have felt the need to work around their organisation's established security policies and procedures just to get their job done.

In addition, 63% frequently or sometimes send work documents to their personal e-mail address so that they can access them from home.

The results also show that employees depend on remote access to corporate information while on the road, waiting at airports or working in coffee shops.

The survey revealed that 87% frequently or sometimes conducted business remotely over a virtual private network or web mail, and 56% frequently or sometimes accessed their work email via a public wireless hotspot.

The survey showed that 65% frequently or sometimes leave their workplace carrying a mobile device such as a laptop, smartphone or USB flash drive that holds sensitive information related to their jobs.

But 8% admitted they had lost such a device with corporate/organisational information on it.

The full survey with further security black holes that firms must fill with better security is available on the RSA website.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close