Wednesday, 15 October 2008

Top 10 security mistakes

Ever wondered what is it that leads to data leaks, spying, phishing and other forms of hacking? According to experts, it is some common mistakes made by people that lead to biggest security breaches. And, these behavioral risks of employees vary depending on country and culture. Making some countries more prone to security breaches than others.

A new study by Cisco spotlights the numerous risks taken by employees that can lead to the most prominent security concerns for businesses: the loss of corporate information. The study identifies common data leakage mistakes among workforces around the world and is based on surveys of more than 2,000 employees and IT professionals across 10 countries, including India, China, Germany, France, Italy, UK, Australia and Brazil.

Among the numerous behavioral findings, the top 10 most noteworthy are:

Altering security settings on computers

One of five employees altered security settings on work devices to bypass IT policy so they could access unauthorized Web sites. This was most common in emerging economies like China, Brazil and India.

When asked why, more than half (52 per cent) of end Users who have changed the security settings to view restricted Web sites did so because they wanted to visit it regardless of their company's policy; a third said, "it's no one's business" which sites they access.

Use of unauthorized applications

Seven of 10 IT professionals said employee access of unauthorized applications and Web sites (eg unsanctioned social media, music download software and online shopping venues) ultimately resulted in as many as half of their companies' data loss incidents.

This belief was most common in countries like the United States (74 per cent) and India (79 per cent).

Unauthorized network/facility access

In the past year, two of five IT pros dealt with employees accessing unauthorized parts of a network or facility.

This was most prevalent in China, where almost two of three respondents encountered this issue. Of those who reported this issue globally, two-thirds encountered multiple incidents in the past year, and 14 per cent encountered this issue monthly.

Sharing sensitive corporate information

In a sign that corporate trade secrets aren't always secret, one of four employees (24 per cent) admitted verbally sharing sensitive information to non-employees, such as friends, family, or even strangers. When asked why, some of the most common answers included, 'I needed to bounce an idea off someone', 'I needed to vent', and 'I did not see anything wrong with it.'

Sharing corporate devices

In a sign that data isn't always in the hands of the right people, almost half of the employees surveyed (44 per cent) share work devices with others, such as non-employees, without supervision.

Blurring of work and personal devices

Almost two of three employees admitted using work computers daily for personal use. Activities included music downloads, shopping, banking, blogging, participating in chat groups, and more. Half of the employees use personal email to reach customers and colleagues, but only 40 per cent said this is authorised by IT.

Unprotected devices

At least one in three employees leave computers logged on and unlocked when they're away from their desk. These employees also tend to leave laptops on their desks overnight, sometimes without logging off, creating potential theft incidents and access to corporate and personal data.

Storing logins and passwords

One in five employees store system logins and passwords on their computer or write them down and leave them on their desk, in unlocked cabinets, or pasted on their computers. In some countries like China (28 per cent), employees reported storing logins and passwords to personal financial accounts on their work devices, leaving their identity and finances at risk. The fact that some employees leave devices unattended magnifies this risk.

Losing portable storage devices

Almost one in four (22 per cent) employees carry corporate data on portable storage devices outside of the office. This is most prevalent in China (41 per cent) and presents risks when devices are lost or stolen.

Allowing 'tailgating' and unsupervised roaming

More than one in five (22 per cent) German employees allows non-employees to roam around offices unsupervised. The study average was 13 per cent. And 18 per cent have allowed unknown individuals to tailgate behind employees into corporate facilities.

'Businesses are enabling employees to become increasingly collaborative and mobile,' Stewart said. 'Without modern-day security technologies, policies, awareness and education, information is more vulnerable. Today, data is in transit, in use, within programs, stored on devices, and in places beyond the traditional business environment, such as at home, on the road, in cafes, on airplanes and trains. This trend is here to stay. To protect your data effectively, we need to start understanding the risk characteristics of business and then base technology, policy, and awareness and education plans on those factors.'