Insiders pose 'accidental' threat to business data, Symantec says
Blurring lines between home and office lead to data leakage
By John P. Mello Jr.
February 08, 2013 — CSO — Valuable intellectual property is leaving companies every day and languishing at insecure locations where it can scooped up by unauthorized parties.
That was one of the findings in a study released this week by cyber security software maker Symantec of Mountain View, Calif.
Half the employees in businesses regularly send work documents to their home computers using a personal account, such as Google's Gmail, according to Symantec. That can be problematic because home networks are typically less secure than those at offices. Gartner reported last year that 20 percent of consumer-grade endpoints are compromised by malware.
Fully 40 percent of employees download work files to a personal mobile devices -- a tablet, for example, or smartphone -- and a third of workers move files using file-sharing apps, like Dropbox, without proper permission, according to Symantec
"The almost ubiquitous availability of storage in the cloud has made it easier than ever to move data around, whether it's for stealing data or taking it home," Tim Matthews, Symantec's senior director for product marketing said in an interview.
[See also: 5 (more) key cloud security issues.]
Most of the workers who move files outside the workplace, he said, don't delete the files after they've finished with them. "Because you have unlimited storage, what we find is employees never think to delete anything or clean it up, so you end up having intellectual property just left in places."
"That will cause data leakage or IP [Intellectual Property] leakage issues down the line," Matthews said.
Commingling personal and work data also contributes to the loss of corporate control over data, he said. "It increases the amount of accidental data leakage when people lose their phone, or they share a Dropbox folder and don't set permissions on the folder properly," he said.
To some extent, businesses contribute to the problem by refusing to recognize the blurring line between their workers' home and office lives, said Paul Stamp, product marketing director at RSA in Bedford, Mass. "Many organizations still have a mindset of inside-the-corporate-network, outside-the-corporate-network," Stamp said. "That's an outdated concept."
The tendency of workers to play fast and lose with their company's intellectual property isn't surprising in light of another finding by Symantec. Nearly half (44 percent) of employees believe that someone who develops the source code for a company has some ownership of it.
What's more, 42 percent of workers don't think it's a crime for the developer of that source code to use it in projects for other companies without permission from the company that paid the developer in the first place.
Understanding critical issues in securing cloud computing—public, private, hybrid, SaaS and all other flavors
Hybrid cloud security real-world tales
Most organizations will use a mixed IT environment that includes public and private clouds as well as non-cloud systems
SaaS, IaaS and Paas: A security checklist for cloud models
API keys, connecting to the cloud, and other important issues to consider
5 cloud security predictions
Smart-phone slinging, identity management, multitenancy, and more
5 key cloud security issues
Cloud security: The basics
Cloud security all about the contract
Cloud security survival guide
The real problems with cloud computing
- Cloud Impacts and Outcomes for Business Leaders
- Providing Security for Software Systems in the Cloud
- The Power of Cloud: Driving Business Model Innovation
- Okta Active Directory Integration - An Architecture Overview
- Moving Beyond User Names and Passwords: An Overview of Okta's Multifactor Authentication Capability
- Avoid the Hidden Costs of AD FS with Okta
- Mandiant's APT1: Revisited
The Mandiant APT1 report made our industry stronger by encouraging -- if not forcing -- information sharing. By Nick Selby - Attacks from China: A survival guide
- #FFSec: Infosec pros who bring value to Twitter
More Salted Hash with Bill Brenner
