Focus on Threat of Outside Attacks Overlooks Danger Employee Behavior Poses
to American Business
RSA CONFERENCE, SAN FRANCISCO, Feb. 5 /PRNewswire-FirstCall/ -- McAfee,
Inc. (NYSE: MFE), today revealed new research indicating that while most
American companies are investing in technology and policy to secure
sensitive data from outside attacks, the threat of data loss at the hands
of their own employees is what should have their attention. The study,
conducted for McAfee by Illuminas, surveyed 300 office workers across the
United States at companies with at least 200 employees. More than
two-thirds of responses came from organizations with more than 1,000
employees.
The research suggests that most U.S. companies are establishing
corporate policies to prevent data loss, with the overwhelming majority of
respondents (84 percent) saying their company has a formal policy in place
regarding the treatment of sensitive information. However, the research
also reveals that many employees consistently disregard those policies. For
example, 21 percent of all respondents admitted to leaving a confidential
or sensitive document on a printer tray, and 22 percent said they sometimes
lend to colleagues the portable devices on which they store work documents.
Key findings that demonstrate the danger American employees are posing
to corporate security include:
* Eighty-four percent of respondents said their organization has a
policy regarding the treatment of sensitive information, with that group
citing shredding (69 percent), locks (47 percent) and passwords (51
percent) among the ways to manage it. However:
-- More than a quarter (26 percent) of all respondents do not shred
confidential or sensitive documents when they have finished with them
-- Twenty-one percent of all respondents admitted to leaving a
confidential or sensitive document on a printer tray
* Eighty-eight percent of respondents who said they transfer customer
data outside the organization said they use e-mail to do the transfer, and:
-- 23 percent of that group also said they use Web-based e-mail to
transfer this data out of the workplace
* While nearly four out of every 10 respondents (38 percent) take up to
10 documents out of the office each week on portable devices such as
laptops (41 percent), USB memory sticks (22 percent) and CD-ROMs (13
percent):
-- More than one in every five respondents (22 percent) physically lend
the portable devices on which they store work documents to colleagues
More than reputations at risk
According to the Privacy Rights Clearinghouse, a nonprofit consumer
information and advocacy organization, since February 2005 more than 100
million data records containing sensitive personal information of U.S.
residents have been exposed due to security breaches(1). In addition to
severely damaging a company's reputation, leaked customer or corporate data
can potentially result in legal action if the business violates regulations
such as the Gramm-Leach-Bliley Act of 1999, California Senate Bill 1386, or
the Health Insurance Portability and Accountability Act (HIPAA), which now
force public notification of breaches of personally identifiable
information. Senator Dianne Feinstein (D-Calif.) recently introduced the
Notification of Risk to Personal Data Act, which would require businesses
and government agencies to notify consumers under certain circumstances of
data breaches as currently proposed.
Outside focus, inside threat
Threats to enterprise security have traditionally been viewed as
originating outside the organization. Companies regularly spend thousands
of dollars on technology products in an effort to stop intruders and
malicious software such as viruses, trojan horses, worms, logic bombs and
other harmful computer code from entering their corporate network. These
products include anti-virus, anti-spam, firewalls and intrusion prevention
systems, to name but a few.
However, while the majority of businesses scan their in-bound email for
unsolicited content, many fail to check their internal and outbound email,
essentially allowing the unauthorized transfer of data within or outside of
the organization.
The growing use of portable devices by employees is also challenging
the integrity and security of digital assets. Company laptops, USB sticks,
mobile phones and MP3 devices make it easy to transport thousands documents
at a time out of company parameters, but the vast majority of these devices
go uncontrolled by IT departments.
"Data loss has been heralded as one of the most pressing issues facing
organizations in 2007, and with almost all corporate information now
existing in electronic form, it's not hard to see how data loss at the
hands of employees has emerged as a serious threat," said Vimal Solanki,
senior director of worldwide product marketing. "Companies must employ a
basic risk management strategy, create policies and implement technology to
secure data. But policy combined with technology that focuses on outside
attacks alone clearly isn't enough to protect companies from the threat of
data loss. The harsh reality is that sensitive corporate data can easily
end up in the wrong hands -- deliberately or accidentally -- because of
employee behavior."
A report of the survey results is available at
http://www.mcafee.com/rsa_presskit .
About McAfee, Inc.
McAfee Inc., the leading dedicated security technology company,
headquartered in Santa Clara, California, delivers proactive and proven
solutions and services that secure systems and networks around the world.
With its unmatched security expertise and commitment to innovation, McAfee
empowers home users, businesses, the public sector, and service providers
with the ability to block attacks, prevent disruptions, and continuously
track and improve their security. http://www.mcafee.com .
NOTE: McAfee is a registered trademark of McAfee, Inc. and/or its
affiliates in the US and/or other countries. McAfee Red in connection with
security is distinctive of McAfee brand products. All other registered and
unregistered trademarks herein are the sole property of their respective
owners.
(1) http://www.privacyrights.org
SOURCE McAfee, Inc.
 back to top
Related links:
http://www.mcafee.com
CONTACT:
Erica Coleman of McAfee, Inc.,
+1-408-346-5624, or erica_coleman@mcafee.com; or Ian Bain of Red
Consultancy, +1-415-618-8806, or ian.bain@redconsultancy.com, for
McAfee
|
