Types of Employees That Put Your Cybersecurity at Risk - And How to Stop ThemHR Resource
April 14, 2014 — 2,632 views
Workplaces are now facing a new threat: an insider who can jeopardize company prospects and is a growing problem. Much publicity has been given to Edward Snowden, the ex-National Security Agency (NSA) contractor, who has been accused of giving away top secret information related to government surveillance programs to news media. In contrast, there was no publicity regarding four stolen laptops which contained personal information of about 4 million patients of a particular health care provider in Illinois.
More breach of security
Further examples of such gross unreported violations exist. There was the case of a Boston law firm employee who lost or misplaced a USB drive that contained medical information of 160 clients in a case relating to medical malpractice. The morning news segment of CBS which mistakenly broadcast the SSID of the security center during the Super Bowl is another such case. Such events were cited during the ABA Techshow presentation titled “War Stories of Staff Use of Unapproved Data Services & Devices”. The talk show was hosted by John Jelderks, Director of Information Technology, Barack Ferrazzano Kirschbaum & Nagelberg at Chicago and David G. Ries, technology lawyer and environmental litigator and Clark Hill Thorp Reed at Pittsburgh. The two discussed workplace threat posed by unsuitable employees and offered a few suggestions to solve the problem.
According to Ries and Jelderk, approximately 41 percent of IT security professionals regard “bad” employees as the greatest security threat to companies. In the 2013 U.S State of Cybercrime Survey, about 53 percent of participants admitted to having experienced a cyber-crime incident.
The four kinds of “bad” employees
According to the two experts, there are four kinds of employees who make the workplace vulnerable:
• Security softie: A person who knows almost nothing about security and makes his employer vulnerable by letting his family members and friends use the office provided laptop or work computer.
• Gadget geek: The person who enters the office carrying a large number of devices which is then plugged into the PC.
• Squatter: The person who utilizes company resources in not so appropriate ways
• Saboteur: The person who hacks into areas where access is restricted and then purposefully infects the network.
Countering the threat
It stressed the need for encrypting the data stored on laptop or any mobile device. He recommends that all mobile devices should be encrypted. Their list of recommendations includes the setting up of a training and communications program to orient all employees posed by vulnerable technology. They suggest that employees should also regularly change the passwords.