Employees Pose Greatest Threat to Enterprise Security: Published January 2007. All Rights Reserved


Naughty Employees Threaten IT Security

IT security firm 8e6 Technologies, based in Orange, CA, reported that employee use of the enterprise's Internet presents a threat and challenge to corporate entities in 2007. An 8e6 Technologies study revealed an increasing number of corporate employees are abusing the Internet for personal gain and putting their organizations at risk of legal liability.

“The increased incidence of employee Internet abuse is continuing to cause widespread IT and legal hurdles for many organizations,” said Eric Lundbohm, vice president of marketing for 8e6. “Without a proper 'acceptable use policy' and effective monitoring tools in place, organizations will continue to see extensive abuse from some of their most trusted assets – their employees.”

Pornography remains a top concern, both in download and production (the survey found employees uploading pornography from work to share online and live sex shows performed by male employees from the office space). Employees, too, were downloading "a huge amount" of prohibited content such as videos, MP3 files and movies.

"Based upon the responses from over 500 participants, music and movie downloads were a common problem for network security professionals, posing significant legal consequences for organizations. Hosted websites within a company’s network and users setting up wireless access points were among the most common infractions of Internet acceptable usage policies cited in the survey. Not surprisingly, however, many of the respondents cited porn searches as one of the most frequent abuses of the Internet," 8e6 concluded.

According to the survey, phishing and spam-related breaches grew 38 percent from a similar survey mid-year 2006 by Interop Las Vegas. In addition, a 17 percent increase in bandwidth consumption resulting from employee time spent on personal e-commerce and personal finance activities was among other serious infractions noted by the participants of the survey. The results also showed a 67 percent increase in the number of respondents who stressed the importance of investing in a real-time monitoring and remediation tool that displays an enterprise’s current security threat level in order to successfully manage the most urgent security breaches as they occur.

One-in-eight respondents told 8e6 they wanted to incorporate laptop filtering to ensure consistent Internet Acceptable Usage Policies across all computers, regardless of whether they are operating inside or outside the company’s network.

Nearly half of the respondents are faced with the challenge of incorporating Internet filtering and reporting as part of their company’s overall compliance program and Sarbanes-Oxley audit preparation. This number is up 10 percent from the same survey conducted six months earlier at the Interop Las Vegas conference.

Almost a third of respondents see web filtering as critical to blocking inappropriate content such as MySpace and Facebook, among other social networking sites.

“We’re moving into a new age of data security threats and the tools which organizations use to manage these threats must become more sophisticated to address the growing security concerns organizations have today,” said Paul Myer, president and COO of 8e6 Technologies. “8e6 Technologies continues to evolve in order to meet these challenges as a growing number of companies begin to see the real value in protecting both their intellectual property and their ability to conduct business without concern over whether or not rogue employees are compromising core values.”

Indirectly at play, too, is the growing use of office broadband for sharing personal financial data, which can lead to identity theft. Kroll's Fraud Solutions practice COO Troy Allen said, “More has changed in the world of data protection and identity theft over the past year than in the prior six or seven years combined.”

Allen attributes the spike in reported data breaches to more use of electronic data in day-to-day business, increasingly cheaper data storage options, proliferation of laptop computers and portable memory drives, and insufficient development and enforcement of comprehensive policies and procedures by businesses. As more organizations now recognize the different forms data breaches take, there is greater recognition and response activity.

Kroll said four key trends would emerge in 2007:

1. Corporate Preparedness Focus – Companies and organizations will increasingly designate individuals or cross-functional teams with responsibility for proactive data security and breach response, and conduct greater employee education and training.

2. Down with Downloads – More organizations will implement policies and practices placing restrictions on computers and data devices, like USB flash drives. This will include companies disabling capabilities to download information from computers.

“Portable memory and CD downloads are conveniences, not necessities,” said Allen. Employers will begin insisting that more information exchange takes place via secure online transfer.

3. Social Engineering Crimes – Criminals are looking for more efficient ways to get larger amounts of data. One scheme that is gathering momentum is bribing employees or actually planting employees who get hired with the sole intention of staying only long enough to steal records. Sadly, the criminals are tough to catch because they get these jobs using stolen identities. Increased employee background screening will be essential.

4. Standards for ID Theft Services – Consumers and businesses need help determining which companies are reputable and trustworthy. In the absence of any federal regulation, there is growing momentum among responsible service providers and consumer advocates for self-regulation of this industry through best practices governing how services are marketed and what businesses promise.

“It’s in everyone’s interest to get this under control,” said Allen. “People should be able to trust the organizations they are turning to for help.”

Kroll is a wholly-owned subsidiary of Marsh & McLennan Companies Inc.


---This content is copyrighted by Think & Ask, reproduction of any kind is not permitted without written consent.---