Surveys monitoring over 100,000 hours of employee activity show that trusted users are the most likely to be the source of information leaks.

The surveys, completed in the last 12 months, have looked in detail into the ways in which internal users access, process, store and transmit sensitive information including personal information, financial information, product roadmap and future product detail, contracts, pricing information and HR records.

The findings from the survey showed that every organisation without exception had suffered multiple instances of data leakage, many of them serious and potentially very damaging.

The analysis pinpoints exactly who, where, when and how critical information assets are removed from the infrastructure and demonstrates that the real problem – and the solution – is all about the user.

Key results from the survey showed that corporate data leakage was most likely to occur through mobile devices, with 68 per cent of all events identified linked to mobile rather than fixed desktop systems.

Information technology and customer services departments had the highest incidence of data leakage. Most incidents of data leakage occur during the extended working day, between 7am and 7pm from Monday to Friday.

The applications most favoured by users to remove sensitive data were identified as web mail, instant messaging and social networking web sites.

The top four data leakage vectors were identified as mobile devices, web mail, removable media and corporate email.

All data leakage incidents identified could have been prevented. Existing corporate security policies were not implemented, monitored or enforced.

Richard Hollis, managing director of Orthus, said that companies continue to try and protect information by protecting the architecture deploying devices to protect devices. He warns that they neglect the protection of data.

“Until organisations accept that the majority of losses are associated with authorised users and implement the necessary controls where they are effective – between the user and the information itself – these losses will continue,” Hollis added.

Related articles

• Employees involved in majority of fraud cases
• Temporary staff poses a data breach risk
• Data loss: the hype and the reality
• Poor document management covered up
• Online networkers face ID theft risk
• Making good business sense of data protection
• Protecting your company against corporate crime

Related links

• Orthus Limited

Share this: digg   del.ico.us   Newsvine   Reddit   Furl   technorati   Facebook

Comments (0)

Subscribe to this comment's feed

Name (required)

Email (required) (not published)

Website

Title

POST

By posting on this website you are agreeing to abide by our website comment policy and all posts are subject to the approval of the website editor. We will remove posts that contain offensive or threatening language, personal attacks on the writer or other posters, posts that are off topic and posts that are considered spam or specifically used to promote any commercial products or services. Any poster who repeatedly contravenes the policy will be banned from posting on the website.