Home > Case Studies > Data Leaks: Are IT Department to Blame?

Data Leaks: Are IT Department to Blame?

By: Sarah Clark (ILEX) - Updated: 14 Mar 2011 | comments*Discuss
 
Data Breach Orthus Security Breaches It

If you’re a business owner, keep a close eye on your IT team on a Tuesday, as recent reports would indicate that the most likely day for a deliberate data breach or sensitive information leak is that day of the week. And someone from the IT department is most likely to be the culprit.

IT staff have been discovered as being the most likely people to deliberately leak sensitive company information, according to a survey carried out on ‘insider threats’ by security firm Orthus in February 2011. Other staff members can also take advantage of any weak areas in company security - according to the research, company customer service teams were not far behind in the data breach deception.

According to the findings of the report, the insider most likely to find themselves giving away important, secret company information is probably going to work in the IT or customer services department, and the data breach will originate from a laptop or mobile device rather than a fixed, desktop computer. Some staff members can be pretty brazen when it comes to doing the dirty on their employer – most will quite blatantly copy sensitive data onto a removable hard drive and then just walk out of the door with it – or send a copy of it to themselves via a webmail account.

Where did the Data Breach Information Come From?

The research was carried out by Orthus, a company that supplies security solutions for business. The company deals with large corporations and small businesses and specialises in finding solutions to their data security issues, as well as other business services. Orthus also carries out business audits, and this is what it used to base the information for the survey on. The company looked at information taken from data leakage audits it had carried out on its own customer sites since 2006, and covers around 500,000 hours of user activity within an unspecified number of organisations – mostly in the UK – with 1000 or more employees.

The survey used a comprehensive definition of ‘sensitive information’ – basically, staff members who took part in the survey were asked to designate specific folders where they were likely to store sensitive information, and the documents within each folder were then scanned for specific keywords and/or phrases.

The type of information found in the folders was categorised into different areas:

  • personal (including customer data)
  • finance
  • legal information and contracts
  • sales, pricing and competitive analysis
  • procurement and cost pricing
  • human resources (including personnel information, CVs, staff photographs,)
  • board meeting minutes and notes
  • miscellaneous client-specific information.

The Figures for Data Breaches

In 30 per cent of cases, the source of any suspicious activity was traced back to the IT department in while staff in the customer services department were responsible for 22 per cent. Other culprits were the sales team who notched up 12 per cent and the operations department with 10 per cent.

HR teams, along with legal departments and finance departments were at the bottom of the list – Orthus believe this is probably down to their professional awareness about confidential and sensitive information.

Mobile devices were responsible for most of the incidents of corporate data leakage - a mobile device was involved in 68 per cent of examples.Other media used were web mail, removable media and in some cases even company email, and for some reason, security incidents tended to peak between 9am and 5pm on a Tuesday.

The conclusion was that managers should be vigilant with security measures around IT and Customer services staff, making sure they are most aware of the consequences of deliberate or accidental data breaches.

You might also like...
Share Your Story, Join the Discussion or Seek Advice..
Why not be the first to leave a comment for discussion, ask for advice or share your story...

If you'd like to ask a question one of our experts (workload permitting) or a helpful reader hopefully can help you... We also love comments and interesting stories

Title:
(never shown)
Firstname:
(never shown)
Surname:
(never shown)
Email:
(never shown)
Nickname:
(shown)
Comment:
Validate:
Enter word:
Topics
Latest Comments
  • rick
    Re: Your Medical Records
    Hi my partner and her friend was booked to go on holiday in August. She was lead passenger, she was unfortunate enough to catch meningitis,…
    18 October 2017
  • Stu.R
    Re: Employee Surveillance
    My employer has used dashcam footage of me reversing a van unaided several times throughout my working day and now dismissed me for causing…
    18 October 2017
  • grim
    Re: Do They Have the Right to Use My Photo on Website?
    Hello I am disabled with a brain injury amongst other things from a car crash. Six years ago I moved…
    23 September 2017
  • Mac
    Re: Why Is Doctor-Patient Confidentiality So Important?
    @Miky - you're usually asked whether you would be prepared to speak to a student doctor, or if a…
    18 September 2017
  • Miky
    Re: Why Is Doctor-Patient Confidentiality So Important?
    My wife went to see a doctor with me. When we arrived in the surgery a gentleman setting greeted us…
    17 September 2017
  • MikeVF
    Re: Your Medical Records
    @Niggle - it was a mistake, give the NHS a break. Are you really trying to find a way to sue when you get such amazing treatment for free....
    14 September 2017
  • Niggle
    Re: Your Medical Records
    I had an instance where I was sent for an MRI because of incorrect information stored on my patient record. All other details on my record…
    12 September 2017
  • Justice
    Re: Does Neighbour's Camera Contravene Privacy Rights?
    Our next door neighbours have been filming us continually inside or house with a camera concealed in…
    9 September 2017
  • Enigma
    Re: Telephone Monitoring at Work
    Can a boss listen to anything I say for example.The work phone is just lying there but I heard that he listens still through the…
    6 September 2017
  • Lesley
    Re: Your Medical Records
    I was recently at a meeting in regards to my children being put on child protection! No harm has ever came to the children and it's basically…
    5 September 2017
Further Reading...
Our Most Popular...
Add to my Yahoo!
Add to Google
Stumble this
Add to Twitter
Add To Facebook
RSS feed
You should seek independent professional advice before acting upon any information on the YourPrivacy website. Please read our Disclaimer.