10 Riskiest Data Loss Mistakes

All you have to do is look at the papers to realize that company data is being exposed or hacked on an almost daily basis. Of course you might wonder how all this data gets in the hands of the cyber criminals. Perhaps not surprisingly, it often has a little help -- not from malicious insiders but often from well-meaning, but unknowing employees. Whether it's simply working around security controls to open a Web site or letting their kids access their MySpace profiles on a company issued laptop, uninformed employee behavior can put a company at significant risk for security breaches and hacks.



Cisco recently commissioned a study, conducted by U.S. market research firm InsightExpress, to examine security and data leakage implications for businesses at a time when companies are more reliant on mobile workers and the network perimeter is becoming increasingly fluid. Altogether, the study was based on responses from a total of 2,000 employees and IT professionals in 10 countries. Here are some of the most noteworthy findings.

It would probably be easier to get to those illegal music sites, if only those pesky security controls were out of the way. Altogether, the Cisco study found that one in five employees altered the security settings on their computer to bypass IT policies so they could access unauthorized or inappropriate Web sites. When asked why they disabled crucial security functions, more than half said they simply wanted to access a Web site (on a company device), and a whopping third said that it was no one's business which sites they surfed. Employees in China and India were the most likely to circumvent their business security policies.

Roughly seven out of 10 IT professionals maintained that as many as half their company's data loss incidents resulted from employees accessing inappropriate Web sites and applications, such as social networking sites, media and music downloads, online shopping, etc. This belief was strongest in India at 79 percent, followed by the U.S. at 74 percent.

While the Mission Impossible movies may be entertaining, they may be more of a reality in the workplace than most people suspect. Two out of five IT pros in the past year said they had to deal with the repercussions of employees gaining access to unauthorized parts of a network or facility. This occurred most in China, with about two thirds of respondents contending that they have had to deal with this problem. Of the companies that reported this issue, two out of three said that they had multiple incidents in the past year, while 14 percent said they deal with it on a monthly basis.

Corporate trade secrets are not always secret, especially when workers are angry, confused or simply like to gossip. About one out of four employees, or 24 percent, admitted verbally to sharing sensitive or confidential corporate information with friends, family and even strangers. When asked why, some of the most common excuses included "I had to bounce an idea off of someone," "I needed to vent," and "I didn't see anything wrong with it."

Meanwhile, devices aren't always in the hands of the right people either. Almost half of the employees surveyed said that they share work-issued devices with others, such as non-employees, when not under company supervision.

Almost two out of three employees admitted using work computers for personal matters. This of course includes things like downloading music, file sharing, P2P networks, maintaining social networking site profiles, talking in chat rooms, shopping, banking, blogging, and just about everything else. Half of the employees surveyed said they use their personal e-mail accounts to contact customers and conduct business-related matters, but only 40 percent said that this practice was authorized by their IT department.

At least one in three employees said that they leave their work computers logged on and unlocked when they're away from their desk. The same employees also said that they leave their work laptops on their desk at night, sometimes without logging off of the network, which subsequently opens up the floodgates for laptop theft and unauthorized access to corporate data.

Logins and passwords are too easily accessible, the survey found. One of five employees say that they store things like login credentials and passwords on their computer or (possibly worse yet) write them down and leave them in their desk, unlocked cabinets or physically posted somewhere on their computers. In some countries, such as China, more than a quarter of workers reported that they stored logins and passwords to personal financial accounts on their work devices, significantly increasing the risk of exposing their identity and finances. Couple that with the fact that many employees lose, misplace or leave these devices unattended, and you have a recipe for company data breach.

Now where did that BlackBerry go again? Almost one in four, or 22 percent, of those surveyed said that employees carry corporate data on mobile devices, such as smart phones or laptops, which they bring outside the office. This occurs most frequently in China. And of course, these devices are hard to keep track of, as many with a small portable electronic device can attest.

Ever wonder who that stranger was saying that he lost his entrance badge outside the security doors? More than one in five German employees said that they allow non-employees to roam around their office unsupervised. On average, strangers were allowed to wander in and out of office building about 13 percent of the time. Meanwhile, another 18 percent said they have allowed unknown individuals to follow behind them to gain entrance into the building.