Network security is becoming more and more difficult to maintain. Even as firewalls and spy detection programs get better at beating back cybercriminals, they just don’t work against the loose lips of employees. It’s human nature to gossip. Even before we became human, we liked to share secrets, though at that time it was called ‘grooming’–sitting together, grunting and barking, as we picked lice and dirt from our best friend’s fur. Now, that’s replaced with emails, blogs, tell-all websites. They accomplish the same social network stuff, but on a much larger scale.
Here’s a report from the Wall Street Journal that expands on this growing problem:
A report from security firm Proofpoint shows that email isn’t the only inside threat companies face — confidential information is leaking out via blogs, mobile devices and social-media sites.
In a survey of some 220 companies, Proofpoint found that email is still the No. 1 offender when it comes to data leaks. About 43% of respondents had investigated an email-based security breach during the past year. Nearly one-third of the companies surveyed had fired an employee for violating email confidentiality policies, a 26% increase from 2008.
Blogs and videos are increasingly channels for leaks as well, with 18% of respondents saying that they looked at those media when investigating an information leak. Social-networking sites such as Facebook and MySpace have also seen jumps in privacy-related incidents — 17% of respondents reviewed social-media hubs, up from 12% a year ago.
In a Proofpoint video, the company’s director of market development, Keith Crosley, said that shrinking information-technology budgets and the economic downturn itself contribute to the problem. “Layoffs themselves are often the cause of data breaches,” he said. “When employees leave a company, they sometimes take confidential information with them.”
Half of the survey respondents said that cuts in their IT staff had damaged their ability to protect confidential information, and 42% said that ramped-up job cuts heightened the risks of data leaks.
And while nearly half (48%) of surveyed companies with 20,000 or more employees have hired workers to read or analyze outbound email, only 38% of companies overall employ such staff. That figure, however, is the highest Proofpoint has seen in the study’s six-year history.
While most companies had policies for the use of email (96%) and messaging overall (90%), fewer had developed rules for the acceptable use of blogs and social networking — 72% and 67%, respectively.