Commentary
8/11/2010
12:08 PM
Keith Ferrell

Minor Policy Violations Can Cause Major Breaches

Can minor usage policy infractions serve as predictors of larger problems? Evidently so, according to a recent Verizon data breach analysis report.

Verizon's recently released annual Data Breach Investigations Report holds plenty of scary and alarm-worthy insights into the current nature of data breaches, their causes and the often basic procedures needed to mitigate or prevent them.

Among the remedies were plenty of the usual suspects: sloppy security practices, failure to maintain and mine logs for evidence of breaches, increasingly organized and commercialized cybercriminal networks and so on.

What most caught my eye, though, was a comment regarding the dangers of allowing "minor" policy violations -- and what can happen when you do so.

While the report is careful not to label all employees who commit "minor" infractions -- illicit software on company machines, inappropriate content or surfing -- as potential criminals, the potential is made pointedly clear:

"Inappropriate actions include policy violations and other questionable behavior that, while not overtly malicious, can still result in harm to information assets. Not only can inappropriate behavior contribute directly to a breach, but it may also be an ill omen of what's to come. Over time investigators have noticed that employees who commit data theft were often cited in the past for other "minor" forms of misuse (or evidence of it was found and brought to light during the investigation)."

That's clear enough -- and essentially falls into the "Ya think?" category.

The question is: If an employee has been "often cited" for violating your company's usage policies --

Why is the employee still with your company?

Usage policies exist -- if they do -- for a reason: to a) establish and enforce the sorts of habits, practices and behaviors that you deem most essential for safeguarding your business's digital assets and b) set standards for acceptable behavior with your equipment and connections, and also make clear what content you consider inappropriate and unacceptable.

If you don't have a formal usage policy, you're already sending an "anything goes" message.

If your policy doesn't include enforced consequences including termination for serious infractions, and the same for repeated "minor" violations, you're sending the same message.

People slip up, mistakes are made -- and an effective policy includes some slack for good employees.

But frequent violators are a risk factor you can't afford to tolerate -- with the added advantage that enforcing your policy firmly effectively reinforces it as well.
