According to a study commissioned by Cisco Systems and carried out by InsightExpress, much of the data leakage that occurs is the result of poor practices by employees and could be easily prevented.
Data leakage has become particularly prevalent, as more employees become mobile and must take a greater level of responsibility for securing their mobile devices. Securing email, and using precautions like encryption, on mobile devices used while away from the office still needs to be practised. The study takes a lok at employees in ten countries, examining security and data leakage in relation to changing work environments and increased mobility. According to the study, the ten most noteworthy findings about employee behavior are:
- Altering security settings on computers
- Using unauthorized applications
- Having unauthorized network/facility access
- Sharing sensitive corporate information
- Sharing corporate devices
- Blurring of work and personal devices and communications
- Leaving devices unprotected
- Storing logins and passwords
- Losing portable storage devices
- Allowing “tailgating” and unsupervised roaming
The study also showed that in emerging countries, such as Brazil, India and China, data leakage due to lack of policy enforcement is much more rampant.
According to the study, 80 percent of end users use company-issued computers for personal use, including sending and receiving personal email through a personal email account. Twenty percent said they alter security settings to access unauthorized web sites, and this is most prevalent in China and India–where 42 percent in China do so, 26 percent in Brazil, and 20 percent in India.