Employee Mistakes That Undermine Data Security

Read the article below. Describe a type of mistake that a user can make and what could be done to prevent it. Be specific and creative and don’t repeat what someone else stated.

–Employee Mistakes Undermine US Government Data Security
(November 10, 2014)
According to an Associated Press analysis of information obtained
through Freedom of Information Act (FOIA) requests, at least half of US
government IT security incidents are the result of mistakes made by
workers. Employees have violated workplace policies; lost or had stolen
devices containing sensitive information; and shared sensitive
information.
http://www.theguardian.com/technology/2014/nov/10/us-government-hacking-cybercrime-workers-crime
[Editor’s Note (Pescatore): The numbers aren’t tremendously different
for private industry; if anything, employee error is responsible for a
higher percentage of incidents. Attacker-driven breaches get the press
coverage, but errors by well-meaning insiders (both users and sys
admins) both directly cause a high percentage of breaches and are the
root cause of enabling many external attacker breaches, as well. The
dreaded “email address autocomplete leads to spreadsheet with sensitive
information being sent to competitor/world” error is a common example
of the former, “OK, I’ll spin up www25.acme.com just for tonight for
you on the DMZ” is an example of the latter.
(Murray): This is no more likely to be true in the US Government than
in any other organization. Even in the unlikely event that we were to
solve all of our software quality problems, we would still be vulnerable
to errors and omissions by otherwise well motivated but gratuitously
privileged users. “The dummies have it, hands down, now and forever.”
--Robert H. Courtney. Such errors should be resisted by application
design, training, supervision, multi-party controls, and automatic
confirmations. Management should recognize and reward timely detection
and correction of errors.]

Answer preview
Users such as employees may have access to devices that contain sensitive information and share it with unauthorized parties. This could result in data theft. Employees could also share such sensitive information with competitors, which may make the business vulnerable to competition.
There are several things that could be done to prevent access to sensitive information in case employees gain access to devices that contain such information. The management needs to store papers and devices in a place that is inaccessible to the employees. There should also be strict rules for the purpose of restricting access to sensitive information…words 340