Home > Case Studies > Data Leaks: Are IT Department to Blame?

Data Leaks: Are IT Department to Blame?

By: Sarah Clark (ILEX) - Updated: 14 Mar 2011 | comments*Discuss
Data Breach Orthus Security Breaches It

If you’re a business owner, keep a close eye on your IT team on a Tuesday, as recent reports would indicate that the most likely day for a deliberate data breach or sensitive information leak is that day of the week. And someone from the IT department is most likely to be the culprit.

IT staff have been discovered as being the most likely people to deliberately leak sensitive company information, according to a survey carried out on ‘insider threats’ by security firm Orthus in February 2011. Other staff members can also take advantage of any weak areas in company security - according to the research, company customer service teams were not far behind in the data breach deception.

According to the findings of the report, the insider most likely to find themselves giving away important, secret company information is probably going to work in the IT or customer services department, and the data breach will originate from a laptop or mobile device rather than a fixed, desktop computer. Some staff members can be pretty brazen when it comes to doing the dirty on their employer – most will quite blatantly copy sensitive data onto a removable hard drive and then just walk out of the door with it – or send a copy of it to themselves via a webmail account.

Where did the Data Breach Information Come From?

The research was carried out by Orthus, a company that supplies security solutions for business. The company deals with large corporations and small businesses and specialises in finding solutions to their data security issues, as well as other business services. Orthus also carries out business audits, and this is what it used to base the information for the survey on. The company looked at information taken from data leakage audits it had carried out on its own customer sites since 2006, and covers around 500,000 hours of user activity within an unspecified number of organisations – mostly in the UK – with 1000 or more employees.

The survey used a comprehensive definition of ‘sensitive information’ – basically, staff members who took part in the survey were asked to designate specific folders where they were likely to store sensitive information, and the documents within each folder were then scanned for specific keywords and/or phrases.

The type of information found in the folders was categorised into different areas:

  • personal (including customer data)
  • finance
  • legal information and contracts
  • sales, pricing and competitive analysis
  • procurement and cost pricing
  • human resources (including personnel information, CVs, staff photographs,)
  • board meeting minutes and notes
  • miscellaneous client-specific information.

The Figures for Data Breaches

In 30 per cent of cases, the source of any suspicious activity was traced back to the IT department in while staff in the customer services department were responsible for 22 per cent. Other culprits were the sales team who notched up 12 per cent and the operations department with 10 per cent.

HR teams, along with legal departments and finance departments were at the bottom of the list – Orthus believe this is probably down to their professional awareness about confidential and sensitive information.

Mobile devices were responsible for most of the incidents of corporate data leakage - a mobile device was involved in 68 per cent of examples.Other media used were web mail, removable media and in some cases even company email, and for some reason, security incidents tended to peak between 9am and 5pm on a Tuesday.

The conclusion was that managers should be vigilant with security measures around IT and Customer services staff, making sure they are most aware of the consequences of deliberate or accidental data breaches.

You might also like...
Share Your Story, Join the Discussion or Seek Advice..
Why not be the first to leave a comment for discussion, ask for advice or share your story...

If you'd like to ask a question one of our experts (workload permitting) or a helpful reader hopfully can help you... We also love comments and interesting stories

(never shown)
(never shown)
(never shown)
(never shown)
Enter word:
Latest Comments
  • captain fury
    Re: Patient Privacy in the NHS
    If a doctor is known, with evidence, to be causing harm, falsifying records, defaming patients and its generally agreed by his…
    13 March 2017
  • Dolly
    Re: Your Medical Records
    I called the ambulance to commit my friend who is incredibly unwell. The cop asked my mom if I'm taking my medication. Can cops find my…
    13 March 2017
  • Victory
    Re: Employee Surveillance
    Hello if may ask my employees can record voice with cctv cameras or not because i know is forbidden
    11 March 2017
  • Misty
    Re: Employee Surveillance
    My job includes not just working but living on a private estate. The cctv monitoring system has recently been installed in my own personal…
    6 March 2017
  • Keith
    Re: Employee Surveillance
    Can my boss follow me home after leaving work for personal reasons after he let me go and sit out side my house and take photos as he did…
    3 March 2017
  • anon
    Re: Computer Monitoring In The Workplace and Your Privacy
    can a employer monitor your keystorkes without your knowledge and dismiss you for gross misconduct…
    3 March 2017
  • anon
    Re: Your Privacy Rights at Work
    can a employer monitor your keystorkes without your knowledge and dismiss you for gross misconduct because of this
    3 March 2017
  • Superman
    Re: Why Is Doctor-Patient Confidentiality So Important?
    Hi I am under a doctor for my medication and the resptionist rang my mother and said information…
    1 March 2017
  • nevergiveup77
    Re: Your Medical Records
    Ive just recieved a letter via my solicitor stating i was dianosed with a dissorder which i never saw a doctor about and also it says i had…
    26 February 2017
  • strawberry
    Re: Do They Have the Right to Use My Photo on Website?
    Just found book with picture of my daughter on the top page and my two daughters names in and…
    25 February 2017
Further Reading...
Our Most Popular...
Add to my Yahoo!
Add to Google
Stumble this
Add to Twitter
Add To Facebook
RSS feed
You should seek independent professional advice before acting upon any information on the YourPrivacy website. Please read our Disclaimer.