Corporate Information Assurance Issues

Corporate data loss on the rise, email still biggest threat says report

A report by data security firm Proofpoint, Inc. finds the number of large corporate organizations reporting the theft or loss of confidential company information, customer information and intellectual property continues to rise as new outlets for information sharing gain popularity and they continue to asses the associated risks. At the same time, breaches of corporate security through email continue to be the most frequent and damaging examples of information assurance failure within the business processes.

Proofpoint polled 261 corporate security decision makers at companies with more than 1,000 employees and compiled the data into the report “Outbound Email and Data Loss Prevention in Today’s Enterprise.” Respondents were asked about the frequency of data loss events in the previous 12 months and given the opportunity to voice their concerns. More than a third (36%) of security executives said their company had fallen victim to the unauthorized exposure of sensitive or embarrassing information in the past year. Theft or exposure of private customer information was reported by 31% of those polled, while 29% of companies suffered theft or leakage of intellectual property during that time showing a lack of critical infrastructure protection.

Email was the most frequently cited source for data loss by the survey participants, with 35% of executives reporting security violations via email. Half of the respondents confirm disciplining an employee for violations of company security policies using email, and 20% admit an employee was fired for such violations and stakeholders were notified. While email has been the number one source of data loss each year, this report signaled an alarming rise in security violations through social networking sites and other new-media outlets:

  • Weakness of data loss via posts on social networking sites such as Facebook and LinkedIn was reported by 20% of companies, with the same 20% reporting employee discipline related to the security breaches and seven percent of companies confirming employee terminations.
  • 53% of those polled say they are highly concerned about the risk of data loss via social networking and other new technologies.
  • 53% also prohibit the use of Facebook on company time or with company equipment while 31% explicitly ban the use of LinkedIn. This risk management approach has seen ROI benefits from increased productivity and less data lost.
  • 49% of companies ban the micro-blogging and messaging site Twitter, and 17% reported a breach of data security via the service. This has become a recommended practice at many larger companies and can help mitigate unplanned risk.

Traditional blog posting and message board participation by employees is another emerging area of concern for security executives. Twenty-five percent of companies reported data loss this way in the previous 12 months, and 11% confirm employee terminations due to private blog or message board activity. Video sharing sites such as YouTube and Vimeo are another culprit. Eighteen percent of companies say sensitive data was compromised via videos posted on these sites, with nine percent reporting employees were fired for their posts. While these particular examples don't pose an IT security risk, they were primarily uncovered via an independent audit of the company's branding and employee communications online.

The rise in data loss may be facilitated by the growing number and popularity of information sharing outlets, but the underlying cause could be associated with current economic conditions according to participants in the Proofpoint survey. More than half of the companies polled (58%) say new budget constraints have hurt their ability to safeguard confidential, proprietary or sensitive information and damaged their accountability internally. Fifty-three percent report reductions in IT staff are having the same effect. At the same time, data loss or theft associated with employees leaving the company (either by layoff or voluntary/involuntary termination) was reported by 21% of surveyed companies which in some cases has resulted in instances of several companies not achieveing their quarterly objectives.

In order to help combat this loss of data, it is recommended to have individuals employed who are actively looking for those losses online. While some loss of assets are not as easy to find as social media posts, it is still recommended that in the interest of business assurance and confidentiality a committee of risk management should be formed to help identify and reduce these types of issues. A simple audit training will suffice for memebers who are not current on risk assessment and board members should absolutely be involded in the committees roles for the best top-down approach.

Source: Proofpoint, Inc. report: “Outbound Email and Data Loss Prevention in Today’s Enterprise.” http://investors.proofpoint.com/releasedetail.cfm?releaseid=664096

An information assurance degree from Regis University Online gives graduates the empowerment and knowledge they need to help curb data loss from within. Pursuing a job in information security could mean saving a company from devastating losses financially or from public perception. Become certified in Information Systems and conquer the complex web today!

Visit our Resource Center for more details on the information assurance industry.

Access Information Assurance Resources