AppID, Describing our services, Email Archiving, HostPilot, SecuriSync, Security, Security and Compliance
We found the business world’s riskiest user
The New York Post broke incredible news this week: the AOL email account of the Director of the CIA was hacked.
By a teen.
Who “social engineered” Verizon to get the password.
Now, every element of that story in and of itself is already incredible. But what made our jaws truly drop was the revelation that the teen discovered sensitive CIA data in the Director’s personal email. It turns out the Director had been emailing work documents to his personal account.
If it’s any consolation, the Director is not alone. Today we’re debuting our 2015 Insider Risk Report. We surveyed 2,000+ office workers about their data security habits. We learned, for example, that 22% of Baby Boomers like Director Brennan have emailed company information to their personal email address.
What’s worse, though, is that 30% of Millennials have done the same thing.
And that brings us to the heart of our Insider Risk Report. We sliced our data by demographics—age, profession, job tenure, business size, and industry—and we learned that the riskiest users are young, experienced people who work in IT.
People who should know better.
People like Jeff.
The most tech-savvy employees are most likely to create risk
Yes, you read that right. We found that the very people who have the greatest access to company data and are tasked with keeping the company secure—IT people—are much more likely to engage in the riskiest behaviors:
Why are risky security practices so dangerous for your business?
These statistics, taken by themselves are pretty bad. But it gets a lot worse when you look at the risk they create. These kinds of practices open your business up to:
- Lost or hacked data
- Regulatory compliance failures
- Data breaches
- eDiscovery risks
- Out-and-out sabotage by a disgruntled ex-employee
Think of the financial and professional implications of this: the cost of losing your company’s intellectual property to hackers. The loss of reputation. The risk of lawsuits.
What can you do about it?
Our report is intended to give you a better understanding of the scope of the insider threat problem: that every employee with access to sensitive or confidential information (97% of those surveyed) is a potential risk to your company. And to alert you to the fact that, for many workers, attitudes toward security need improvement.
So what can you do about this problem? We recommend a comprehensive approach that combines tools, training, infrastructure and policy development. We’ve even developed a best practices guide for reducing insider risk to help you get started.