Business Technology

Insider threat report finds half of workers don't check who they send data to

3 min read

06 November 2017

Deputy Editor, Real Business

Staff are a precious asset, but they can also cause the biggest problems, which is the centre of the insider threat debate. Consider, however, that leaked data is not always the result of vindictive behaviour.

The insider threat has seen numerous secrets make their way into the hands of competitors. Some staff personally use the data or want to cause the business itself mayhem, while others dig up dirt with the goal of showing it to the public.

After learning he would eminently be fired, EnerVest’s engineer reset the company’s network servers, deleting phone accounts and backup data which couldn’t all be salvaged. The same goes for a former Gucci employee, who, according to Computer World, “left the business nursing an estimated $200,000 cleanup bill”.

Whoever was in charge of Fidelity National Services’ data access rights decided to take information from 2.3m customers, making a hefty sum selling it to a broker. There was the lawsuit filed by Alphabet against a former employee for copying 14,000 internal files, and Edward Snowden is now famous for releasing sensitive NSA documents.

That such cases aren’t as rare we’d like to think was made evident by Egress Software Technologies’ 2,000-employee strong research.

It claimed a significant number of staff purposefully shared confidential information with competitors or previous and new employers. This was mostly done via email, with half of respondents deleting the evidence immediately.

We tend to forget one factor when discussing the insider threat though; that it’s in a human’s nature to err. Tony Glass, GM and VP EMEA of Skillsoft, explained that most mistakes come from staff “clicking on a URL in an email that leads to a phishing attack. The key is education.

“Staff actions can lead to catastrophic outcomes. By giving them the skills and knowledge needed to protect the organisation against the insider threat, businesses can relax in the knowledge that good cyber practice is being adhered to.”

Indeed, Egress found that 37 per cent of staff didn’t always check emails before sending them, leading to corporate data going into the unknown. Some 68 per cent claimed it was due to the rush of the day, while 42 per cent blamed auto-fill technology.

Tony Pepper, CEO and co-founder, Egress, maintained email misuse and lack of double-checking for whatever reason, was common within British business. Most staff never fessed up due to embarrassment or being purely oblivious that it had happened in the first place.

“While it may cause red faces, leaking confidential information can amount to a data breach and could be taken advantage of by the email recipient,” Pepper said. “As we move towards the GDPR, it has never been more important to get a grip on risk points within the organisation and, as this research shows, email needs serious attention.”

As Glass exclaimed, education is a large part of the solution, as is enforcing a standard of looking though emails before sending them off.