12:08 PM
Keith Ferrell

Minor Policy Violations Can Cause Major Breaches

Can minor usage policy infractions serve as predictors of larger problems? Evidently so, according to a recent Verizon data breach analysis report.

Verizon's recently released annual Data Breach Investigations Report holds plenty of scary and alarm-worthy insights into the current nature of data breaches, their causes and the often basic procedures needed to mitigate or prevent them.

Among the remedies were plenty of the usual suspects: sloppy security practices, failure to maintain and mine logs for evidence of breaches, increasingly organized and commercialized cybercriminal networks and so on.

What most caught my eye, though, was a comment regarding the dangers of allowing "minor" policy violations -- and what can happen when you do so.

While the report is careful not to label all employees who commit "minor" infractions -- illicit software on company machines, inappropriate content or surfing -- as potential criminals, the potential is made pointedly clear:

"Inappropriate actions include policy violations and other questionable behavior that, while not overtly malicious, can still result in harm to information assets. Not only can inappropriate behavior contribute directly to a breach, but it may also be an ill omen of what's to come. Over time investigators have noticed that employees who commit data theft were often cited in the past for other "minor" forms of misuse (or evidence of it was found and brought to light during the investigation)."

That's clear enough -- and essentially falls into the "Ya think?" category.

The question is: If an employee has been "often cited" for violating your company's usage policies --

Why is the employee still with your company?

Usage policies exist -- if they do -- for a reason: to a) establish and enforce the sorts of habits, practices and behaviors that you deem most essential for safeguarding your business's digital assets and b) set standards for acceptable behavior with your equipment and connections, and also make clear what content you consider inappropriate and unacceptable.

If you don't have a formal usage policy, you're already sending an "anything goes" message.

If your policy doesn't include enforced consequences including termination for serious infractions, and the same for repeated "minor" violations, you're sending the same message.

People slip up, mistakes are made -- and an effective policy includes some slack for good employees.

But frequent violators are a risk factor you can't afford to tolerate -- with the added advantage that firmly enforcing your policy effectively reinforces it as well.
