Commentary
8/11/2010
12:08 PM
Keith Ferrell

Minor Policy Violations Can Cause Major Breaches

Can minor usage policy infractions serve as predictors of larger problems? Evidently so, according to a recent Verizon data breach analysis report.

Verizon's recently released annual Data Breach Investigations Report holds plenty of scary and alarm-worthy insights into the current nature of data breaches, their causes and the often basic procedures needed to mitigate or prevent them.

Among the remedies were plenty of the usual suspects: sloppy security practices, failure to maintain and mine logs for evidence of breaches, increasingly organized and commercialized cybercriminal networks and so on.

What most caught my eye, though, was a comment regarding the dangers of allowing "minor" policy violations -- and what can happen when you do so.

While the report is careful not to label all employees who commit "minor" infractions -- illicit software on company machines, inappropriate content or surfing -- as potential criminals, the potential is made pointedly clear:

"Inappropriate actions include policy violations and other questionable behavior that, while not overtly malicious, can still result in harm to information assets. Not only can inappropriate behavior contribute directly to a breach, but it may also be an ill omen of what's to come. Over time investigators have noticed that employees who commit data theft were often cited in the past for other "minor" forms of misuse (or evidence of it was found and brought to light during the investigation)."

That's clear enough -- and essentially falls into the "Ya think?" category.

The question is: If an employee has been "often cited" for violating your company's usage policies --

Why is the employee still with your company?

Usage policies exist -- if they do -- for a reason: To establish and enforce the sorts of habits, practices and behaviors that you deem most essential for safeguarding your business's digital assets, to set standards for acceptable behavior with your equipment and connections, and to make clear what content you consider inappropriate and unacceptable.

If you don't have a formal usage policy, you're already sending an "anything goes" message.

If your policy doesn't include enforced consequences including termination for serious infractions, and the same for repeated "minor" violations, you're sending the same message.

People slip up, mistakes are made -- and an effective policy includes some slack for good employees.

But frequent violators are a risk factor you can't afford to tolerate -- with the added advantage that enforcing your policy firmly effectively reinforces it as well.
