Home > Case Studies > Data Leaks: Are IT Department to Blame?

Data Leaks: Are IT Department to Blame?

By: Sarah Clark (ILEX) - Updated: 14 Mar 2011 | comments*Discuss
 
Data Breach Orthus Security Breaches It

If you’re a business owner, keep a close eye on your IT team on a Tuesday, as recent reports would indicate that the most likely day for a deliberate data breach or sensitive information leak is that day of the week. And someone from the IT department is most likely to be the culprit.

IT staff have been discovered as being the most likely people to deliberately leak sensitive company information, according to a survey carried out on ‘insider threats’ by security firm Orthus in February 2011. Other staff members can also take advantage of any weak areas in company security - according to the research, company customer service teams were not far behind in the data breach deception.

According to the findings of the report, the insider most likely to find themselves giving away important, secret company information is probably going to work in the IT or customer services department, and the data breach will originate from a laptop or mobile device rather than a fixed, desktop computer. Some staff members can be pretty brazen when it comes to doing the dirty on their employer – most will quite blatantly copy sensitive data onto a removable hard drive and then just walk out of the door with it – or send a copy of it to themselves via a webmail account.

Where did the Data Breach Information Come From?

The research was carried out by Orthus, a company that supplies security solutions for business. The company deals with large corporations and small businesses and specialises in finding solutions to their data security issues, as well as other business services. Orthus also carries out business audits, and this is what it used to base the information for the survey on. The company looked at information taken from data leakage audits it had carried out on its own customer sites since 2006, and covers around 500,000 hours of user activity within an unspecified number of organisations – mostly in the UK – with 1000 or more employees.

The survey used a comprehensive definition of ‘sensitive information’ – basically, staff members who took part in the survey were asked to designate specific folders where they were likely to store sensitive information, and the documents within each folder were then scanned for specific keywords and/or phrases.

The type of information found in the folders was categorised into different areas:

  • personal (including customer data)
  • finance
  • legal information and contracts
  • sales, pricing and competitive analysis
  • procurement and cost pricing
  • human resources (including personnel information, CVs, staff photographs,)
  • board meeting minutes and notes
  • miscellaneous client-specific information.

The Figures for Data Breaches

In 30 per cent of cases, the source of any suspicious activity was traced back to the IT department in while staff in the customer services department were responsible for 22 per cent. Other culprits were the sales team who notched up 12 per cent and the operations department with 10 per cent.

HR teams, along with legal departments and finance departments were at the bottom of the list – Orthus believe this is probably down to their professional awareness about confidential and sensitive information.

Mobile devices were responsible for most of the incidents of corporate data leakage - a mobile device was involved in 68 per cent of examples.Other media used were web mail, removable media and in some cases even company email, and for some reason, security incidents tended to peak between 9am and 5pm on a Tuesday.

The conclusion was that managers should be vigilant with security measures around IT and Customer services staff, making sure they are most aware of the consequences of deliberate or accidental data breaches.

You might also like...
Share Your Story, Join the Discussion or Seek Advice..
Why not be the first to leave a comment for discussion, ask for advice or share your story...

If you'd like to ask a question one of our experts (workload permitting) or a helpful reader hopefully can help you... We also love comments and interesting stories

Title:
(never shown)
Firstname:
(never shown)
Surname:
(never shown)
Email:
(never shown)
Nickname:
(shown)
Comment:
Validate:
Enter word:
Topics
Latest Comments
  • Han
    Re: Employee Surveillance
    @Sophie - speak to your union rep if you have one.
    19 June 2017
  • Sophie
    Re: Employee Surveillance
    My employer has installed audio listening and recording in the office. Now they want us to sign its ok. We do not want it of course. Our…
    18 June 2017
  • Shots
    Re: Employee Surveillance
    A colleague is being investigated for theft as the employer believes the items he's been accused of stealing locker has been "opened". The…
    12 June 2017
  • Lizzy
    Re: Your Medical Records
    Can my ex who has a daughter who is a nurse look at my medical records
    7 June 2017
  • Tina
    Re: Employee Surveillance
    Hi, I dont get on with my manager and dont trust him whilst having a one to one meeting. He denies things that he has said and I can't…
    28 May 2017
  • Hoody
    Re: Do They Have the Right to Use My Photo on Website?
    Can a work use a photo against you
    28 May 2017
  • Matt
    Re: Your Medical Records
    @Jennie - sounds like a mistake has been made somewhere along the line - but what that mistake is, is anyone's guess.
    26 May 2017
  • Jennie
    Re: Your Medical Records
    Hi just had a phone call from my doctors saying there has been an admistration problem with my records anyone know what that means please?
    26 May 2017
  • Jayb118
    Re: Employee Surveillance
    Hi I just wanted to know where I stand regrading cctv in my work truck?? We have 6 cameras I'm fine with them all to be honest as it's good…
    16 May 2017
  • DannyB
    Re: Employee Surveillance
    A colleague I fell out with is keeping an observation log on me, from when she sees me.., including in my private life. My employers have…
    12 May 2017
Further Reading...
Our Most Popular...
Add to my Yahoo!
Add to Google
Stumble this
Add to Twitter
Add To Facebook
RSS feed
You should seek independent professional advice before acting upon any information on the YourPrivacy website. Please read our Disclaimer.