Talking Employee Security Breaches with Network World

This week I had a chance to talk with Network World’s director of programming Keith Shaw about the various ways that employees breach data security – both intentionally and inadvertently.

The podcast interview captures a number of ways that employees breach enterprise security, whether by accident or with malicious intent. Here are some of the highlights:

• Employees are often fast and loose with their passwords, whether keeping passwords under their keyboards, or giving them to a colleague for quick access to perform a task
• Not logging out of a session when in an open environment like a hospital, where a doctor leaves the workstation to check on a patient but doesn’t return for twenty minutes or more, is a big problem. This presents huge security breach potential for someone who may be walking by who can simply hop on an open, unattended terminal
• Letting people into a building by holding a door open, simply to be nice, opens up whole new can of data breach worms
• The stronger you make a password to be required, the more likely employees will write down those strong passwords and leave them by their computer
• There are now increased attacks on small- to mid-sized businesses because IT departments are smaller and often overwhelmed already, so security becomes a vulnerability

The Bottom Line:

Companies should always do an assessment of what a company’s crown jewels are, who controls access to IT assets and how to secure them; then work downward throughout the organization. However, password management needs to be well thought through, as the more complex you make employee access, the more likely they’ll find a work-around and circumvent the system.

Give a listen to the podcast to get the full details and some great exchanges with Keith outlining the real-world issues these situations present to companies today.

--David