|
October 16, 2000 |
 |
Beware Of The Threat From Within
But most of this monitoring isn't for sensitive trade secrets. It's merely surveillance to ensure employees aren't forwarding sexually explicit or offensive material around the company. Those types of actions are viewed as such a threat that seven in 10 companies include monitoring employee Web use in their official security guidelines.
The really startling security news is the extent to which employee breaches occur. One in four companies reports security breaks traced to authorized staff members. But security culprits aren't always current employees--some 15% of companies have had an attack committed by a former employee.
How is your company controlling the internal theft of data files? Let us know at the address below.
hen it comes to breaching company security, it's the people with daily, unlimited access to company trade secrets, customer lists, and future marketing campaigns that warrant extra attention. And most insiders moving sensitive information outside the company domain rarely have noble motives.
When company secrets can be sent around the world with the click of a mouse, it's not surprising that the most pervasive clause in U.S. business security policies concerns appropriate E-mail use. Of the 2,375 U.S. companies surveyed in InformationWeek Research's Global Information Security study, 84% cover E-mail appropriateness in their security procedures.
George V. Hulme
Own the data behind InformationWeek Research. See our available reports at informationweek.com/reports
Senior Editor
ghulme@cmp.com
This week in Behind The Numbers:
| A Question Of Priorities | Who Can You Trust? | Employees Lack Facts | Who's Making The Call? |
A Question Of PrioritiesMost companies have yet to make their information security policy a high priority despite the possibility of security breaches, denial-of-access attacks, and destructive viruses. Two in every five U.S. companies have yet to set a regularly scheduled time to review the validity of their security procedures. And another one in five reviews its security policy only once a year. But not every company is placing such little importance on protecting company assets. In all, 24% of U.S. businesses are taking their security procedures so seriously that they're continuously conducting policy reviews to accommodate changing needs. |
Who Can You Trust?Outside service providers are hired to help companies, not hinder them. And when such relationships are forged, a certain level of trust is essential if the partnership is to prosper. But for a small number of businesses, this willingness to share has come at a price. Companies sometimes expose their networks to fulfill IT initiatives, and a few service vendors have taken advantage of the situation. In all, 4% of businesses admit that a service vendor has scammed them out of data and that sensitive company information has been lost to such partnerships. |
Employees Lack FactsPerhaps we should excuse employees who get into trouble by violating company security. Only 9% of companies surveyed in InformationWeek Research's study educate every worker with computer access on all aspects of the company's security policy. For most businesses, employee knowledge of security protocol isn't very high. Almost a third of companies confirm that less than 25% of their staffers are familiar with company security guidelines. Another 21% report that between a quarter to half of their workers know which actions will get them into trouble. Clearly, security education is essential if companies are going to make staff members accountable for their actions. |
Who's Making The Call?Security breaches, whether intentional or not, are most often attributed to employees. But staffers can also be security assets when problems occur. Workers with content access to a company's data files and programs possess a level of familiarity with company information, making early identification of even the slightest alterations that much more likely. In nearly half of sites surveyed, office colleagues are typically the first ones to spot a security breach. Yet not all businesses have been so fortunate; at one in five companies surveyed, it's been a customer or supplier that has stumbled across the problem first.
|
Back to Business Intelligence
Send Us Your Feedback
Top of the Page
Upcoming Events
Live Events
- I Can See Clearly Now - E2 Conference Boston
- Get practical strategies to build a solid plan for profitability and success - Mobile Commerce World - Mobile Commerce World
- Learn how to enage customers through mobility - Mobile Commerce World - Mobile Commerce World
- Learn how to best integrate mobile commerce with your current systems -- Mobile Commerce World - Mobile Commerce World
- How to Choose a SaaS Vendor - E2 Conference Boston
This Week's Issue
Free Print Subscription
SubscribeSpecial Issue
Current Government Issue
- The Government CIO 25: These influential and accomplished government IT leaders are finding ways to be cost efficient and still innovate.
- Rethink Video Surveillance: It's not just about networked cameras anymore. New technology provides analytics, automation, facial recognition, real-time alerts and situational-awareness capabilities.
- Read the Current Issue
Featured Whitepapers
Featured Reports
