Much of today’s security news is about the latest hacks by cyber criminals, and how they exploited some obscure software vulnerability to break into systems and wreak havoc.
But often a breach will start with something more mundane. Ever since people started sending emails and using the Internet, they have been making the same careless mistakes that leave sensitive information and the business at risk. Sure, people are under pressure, they’re in a hurry, and they need to get the job done, but sometimes they let their guard down.
No matter how much you nag people, plead with them and warn them, these mistakes and risky behaviors never seem to end. In this slideshow, Daren Glenister, field chief technology officer, Intralinks, has identified five all-too-common mistakes users need to be careful to avoid.
Risky User Behaviors
Sending Emails to the Wrong Address
Virtually everyone has done this at one time or another – transposing a character, forgetting a dash, using “.com” instead of “.org”, etc. It’s when contents are sensitive and not encrypted that the real drama begins. A Google search will reveal many urgent requests on security forums from people who sent confidential files to the wrong address, and are now pleading for advice. According to research by Ponemon Institute, 62 percent of respondents have accidentally sent files to people outside the organization who were not authorized to see them. Talk about rolling the dice!
Devices Getting Lost or Stolen
People are always losing their devices – at the airport, in the back of a taxi, at a restaurant, etc. If a device that’s lost or stolen contains sensitive data, let’s hope you can remotely erase it – a lesson NASA learned the hard way. Since it could be hours before you realize your device is missing, you also need to make sure files are encrypted and protected from unauthorized access. (Besides, you may have just misplaced your device, and this way you’ll still have your data.)
Using the Same Password for Work and Personal Accounts
Using separate, strong passwords for work and non-work is such a pain. The only bigger pain is when passwords are stolen, leading to other people using your accounts without your knowledge to steal sensitive data. For example, the massive breach at Target began when someone stole the credentials of an HVAC contractor. At Home Depot, attackers used a vendor’s username and password to steal credit card details for 56 million people. A Verizon Data Breach Report found that a staggering 76 percent of network intrusions began with stolen credentials. We’ve all been warned about password safety, but apparently some people aren’t listening!
Sharing Devices with Family and Friends
This one is especially apt after the holidays, since many people received new devices as gifts and are figuring out how to use them. According to a survey by Kaspersky Lab, one respondent in three reported sharing their computers, phones and tablets, and of those, 32 percent take no precautions to protect their information. Unfortunately, grandma or little Joey may not be sufficiently aware of cyber threats, making them susceptible to scammers or being tricked into downloading malware.
Sending Sensitive Files Via a Consumer-Grade Service
When you need to share a file that’s too large for your email system, it’s tempting to send it through one of the free cloud services. But in general, these consumer-grade services lack the visibility and control necessary for protecting sensitive data. For example, you may love Dropbox, but you shouldn’t use it for transferring files containing PII or company-sensitive information that needs to be protected. Also remember that in regulated industries, you don’t have to wait for a breach to occur – just being in violation of the rules is enough to get hit with a stiff penalty.
People Will Make Mistakes – Be Prepared
Human nature being what it is, people will continue to make silly mistakes and fail to follow security precautions no matter how much you remind them. Since they’re probably not going to tell you when something bad happens, it’s best to be prepared at the outset.
Many organizations are turning to Information Rights Management (IRM) technology that embeds encryption and user permissions directly into a file, including who is authorized to view it. If your sensitive data falls into the wrong hands, access can be immediately revoked, keeping the information safe. Think of it as mistake insurance, providing protection when people let their guards down – as they inevitably will.