Business users are often either careless or ignorant to the ways in which they are making their company vulnerable. Many security incidents involving malicious outsiders originate with an oblivious insider, unaware they are being used as bait to compromise critical information.
There are various reasons for a lack of security when it comes to insiders. For one, sharing data over cloud-based servers is a part of our everyday life and most employees don’t think twice about it. They carry critical data around with them in the emails of their smartphones, go onto servers at work that could be infected, and share passwords across a variety of websites.
Companies that feel their data isn’t that valuable often don’t enforce security policies that define appropriate ways to manage passwords, personal devices, computer hygiene, etc. Many times, companies only worry about insider threats if they work in a place where highly classified information is a part of the job description, like at government agencies. But, insiders don’t have to bewhistleblowers to leak valuable data.
Although government agencies aren’t required to disclose information about a breach that happens to them, a study found that since 2010, at least half of the federal cyber incidents reported were due to employees being duped by phishing attacks or by clicking on links that took the user to malware infected places. In another incident, a contractor lost equipment containing the sensitive information of millions of American’s sensitive information.
These mishaps aren’t happening intentionally and clicking a bad link or misplacing a smartphone can put you and your company’s sensitive information at serious risk. Data taken from a global survey of IT professionals found that accidental data sharing produces a greater amount of lost data than software vulnerabilities does. As much as companies try to enhance security by use of firewalls and antivirus software, data loss is becoming more common through mistakes made by internal employees.
In addition to the increased sophisticated of attacks and the ease of which data can now be shared over many networks, there are also a lot of misconceptions about appropriate ways to handle data. A study found that 60% of employees who had quit their job took confidential data with them, such as emails, files or other materials.
Companies need to address high-risk behavior at all levels. By always monitoring the user, an audit trail can provide forensic and predictive analysis into risky behavior patterns to prevent insiders from inadvertently leaking data.
Join us for a webinar and learn how Xerox leverages User Activity Monitoring to improve business-critical application security. Watch the webinar here.
Subscribe to the Proofpoint Blog