Friday, July 8, 2011

Risky Behavior: Data Security Practices in the Workplace - CCSK Guide

When asked about risks to data security, many organizations will list issues such as cyber criminals or hackers. Unfortunately, most won't even consider the risks from within. Employee-related security issues are increasingly impacting organizations' data security plans. According to a UK survey, a substantial percentage of office workers admit to taking risks with business data.

Taking Risks

In a recent survey conducted by Fasthosts Internet, a web hosting provider, 37% of employees admitted to taking risks with business data while working offsite. The study involved 1,000 office workers, 37% of whom admitted that they have taken risks with work-related data by using personal or home computers to perform work, or by taking a lax approach to data security outside the office. Only 15% of workers admit that they know when they've lost data.

A quarter of respondents admitted to committing at least one data security sin, for instance, losing a USB device, leaving a laptop unattended in a public place, or keeping company data files in a car overnight. Surprisingly, very few employees currently use a secure online method of transferring work data to and from their workplaces.

Insecure Data Storage & Transfer

In many organizations, the individual employees are expected to determine their own method for data transfer. These are the most commonly-used methods of data storage and transfer:

  • USB device (25%)
  • Work email account (24%)
  • Laptop (14%)
  • Private email account (9%)
  • Paper documents (9%)

It's easy to see how employees can expose company data and systems to dangers when we consider the risks inherent to each storage format. For instance, USB sticks are typically small devices and are commonly lost when traveling from one location to another. USB devices may also transmit viruses or other malware between computer systems.

According to Steve Holford, the marketing director at Fasthosts Internet:

"Businesses can make the mistake of viewing data security as an on-site issue. Often, the risks can lie with physical loss or with personal computers. Firms should identify how their staff transfer and handle business documents outside of the workplace and then minimize the risks by providing them with clear advice and a secure and easy-to-use solution for handling the data."

Priority Areas

Data security experts have put together a list of the top priority areas regarding risky employee behavior. They are briefly introduced below:

  • Browsing habits - Not all employees are able to recognize dangers on the internet, including malware. It's important to ensure that employees are educated about such threats and that browsing habits are monitored.
  • Email attachments - Certain email attachments can bring risks, even if emails are from trusted senders. Employees should be well-informed on company email policy.
  • Spam - While many organizations rely on spam filters, undesirable messages may still pass through even the most advanced systems. Employees should know how to detect and handle spam when it appears in their inboxes.
  • Backups - According to the Fasthosts study, one in five employees admits to frequently risking important documents by failing to make a back-up copy.
  • Unauthorized software - Unauthorized software finds its way onto corporate systems every day. Using such software can cause major productivity and security issues. Organizations should have policies and consequences for violations.
  • USB Drives - These are able to store large amounts of data, but are easily lost or misplaced.
  • Social Media - Employees should be aware of the risks on social networks. They should be careful about how they use such tools to share information.
  • Mobile Devices - Devices such as smartphones and tablets give employees access to corporate data from virtually anywhere. However, employees should be assessing data security, and be aware of encryption, updating security settings and backing up data stored on their mobile devices.
  • Mobility - Employees are more likely to take risks with data security when they are away from the office. Organizations should have mobile safeguards in place and ensure that no sensitive data is being transferred over unsecured Wi-Fi networks.

Summary

This article takes a look at some of the risks that employees take with corporate data each day. A surprising 37% of UK employees freely admit to taking risks with business data while working offsite, while 25% of employees have committed some sort of data security sin. The article then lists problem areas, or IT vulnerabilities, for organizations to consider while developing their data security programs and policies.

CCSK Exam Preparation

In preparation for the Certificate of Cloud Security Knowledge (CCSK), a security professional should be comfortable with topics related to this post, including:

  • Enterprise and information risk management (Domain 2)
  • Compliance analysis requirements (Domain 4)
  • Insider abuse (Domain 7)
  • Key management best practices (Domain 11)


Source: http://ccskguide.org/2011/07/risky-behavior-data-security-practices-in-the-workplace/
