February 5, 2007 By News Report
The research suggests that most U.S. companies are establishing corporate policies to prevent data loss, with the overwhelming majority of respondents (84 percent) saying their company has a formal policy in place regarding the treatment of sensitive information. However, the research also reveals that many employees consistently disregard those policies. For example, 21 percent of all respondents admitted to leaving a confidential or sensitive document on a printer tray, and 22 percent said they sometimes lend to colleagues the portable devices on which they store work documents.
Key findings that demonstrate the danger American employees are posing to corporate security include:
According to the Privacy Rights Clearinghouse, a nonprofit consumer information and advocacy organization, since February 2005 more than 100 million data records containing sensitive personal information of U.S. residents have been exposed due to security breaches. In addition to severely damaging a company's reputation, leaked customer or corporate data can result in legal action if the business violates regulations such as the Gramm-Leach-Bliley Act of 1999, California Senate Bill 1386, or the Health Insurance Portability and Accountability Act (HIPAA), which now force public notification of breaches of personally identifiable information. Senator Dianne Feinstein (D-Calif.) recently introduced the Notification of Risk to Personal Data Act, which would require businesses and government agencies to notify consumers under certain circumstances of data breaches.
Outside focus, inside threat
Threats to enterprise security have traditionally been viewed as originating outside the organization. Companies regularly spend thousands of dollars on technology products in an effort to stop intruders and malicious software from entering their corporate network.
However, while the majority of businesses scan their in-bound e-mail for unsolicited content, many fail to check their internal and outbound e-mail, essentially allowing the unauthorized transfer of data within or outside of the organization.
The growing use of portable devices by employees is also challenging the integrity and security of digital assets. Company laptops, USB sticks, mobile phones and MP3 devices make it easy to transport thousands of documents at a time out of the company perimeter, but the vast majority of these devices go uncontrolled by IT departments.