digg

Facebook Connect Join Digg About
See the original image at arstechnica.com

Employees, not hackers, cause most corporate data loss

arstechnica.com Much security coverage focuses on malware, hackers, and the dangers both pose to unwary companies, but there's evidence to suggest the problem lies a good deal closer to home. How close? Try one cubicle over.

Who dugg this? Made popular Oct 12, 2008

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

64 Comments

show profanity settings
expand all
  • synagence, on 10/12/2008, -1/+38Well Duh!

    I know of several large datalosses which have directly been caused by user-error
    Happens all too easy
  • ThePowerDigger, on 10/12/2008, -0/+32agreed, they have to loss you soon
  • Scr4tchFury, on 10/13/2008, -0/+22Upper management is the #1 cause of data loss.

    "We'd like to make sure all of our data is secure. Oh, btw, could you disable the screensaver on my laptop? It keeps asking me for my password, and it's really annoying. And while you at is, could you disable the password requirement entirely but only for me (CIO), the CEO, the CFO, the President, and General Counsel. Oh, and the General Counsel don't want a password on his voicemail either. Thanks."

    True story. So very, very true. Sigh.
  • aereaus, on 10/12/2008, -1/+21Treat your employees well. Kinda simple huh?

    As a "Lose Prevention" officer, I was told that, "Most theft is due to workers." Ahh duhh!

    As a former employee from Corporate America, kiss my ass!
  • neutronphaser, on 10/12/2008, -0/+14Losser
  • centerzero, on 10/12/2008, -7/+20agreed, I make my company loss a lot of money every day!!
  • toolboxnj, on 10/12/2008, -0/+12The ol' lost thumbdrive ;)
  • JakeKreber, on 10/12/2008, -0/+10my...my...my stapler...
  • brainnovate, on 10/12/2008, -1/+10Damn employees.
  • AlienMushroom, on 10/12/2008, -0/+9More people die from natural causes than murders.
  • flamyngo, on 10/12/2008, -0/+9um, duh... have you guys not SEEN Office Space?
  • kirakun, on 10/12/2008, -0/+9I always can't help remembering what "sudo rm -rf /" and "drop schema PROD_DB cascade" mean, so...

  • redpotato, on 09/27/2009, -0/+7Fire all employees, hire Oompa-Loompas.
  • umbrellainabin, on 10/13/2008, -0/+6The British Government is a perfect example of this. Looking at how much data has been lost this year due to lost CDs, DVDs, Laptops, PDAs etc etc.
  • DamnMan, on 10/13/2008, -0/+5Someone didn't read the article. Its not about what your employees are intentionally doing. but what they accidentally do.

    Those "Cyber criminals by night" are most likely the same employees you will get to deploy any counter measure in the first place. i.e. People like me. People like me laugh at your network monitor while they watch hardcore porn movies though SSH encrypted tunnels. People like me boot to thumb drives or CDs to bypass and sniff out employer spyware. People like me stealth into the Coms Closet and split your corner offices ethernet connection for easy packet collection of their own. People like me are the keepers of your emails, your telephone networks, Your payrolls and databases. People like me are the hand that feeds you. Don't bite.
  • inactive, on 10/13/2008, -0/+4Wow...just wow...BRILLIANT...You must be a blast to work with
  • inactive, on 10/13/2008, -0/+3Nail, head, you.
  • Pixelpaws, on 10/12/2008, -0/+3I can (un)do the work of ten men.
  • synagence, on 10/13/2008, -0/+3Ok ... didn't mean they lost the data forever ... but they caused a major recovery to be necessary .. which leads to outages and lost $$$
  • lazyfisherman, on 10/12/2008, -1/+4We have seen the enemy... and it is BOSS
  • blitzkriegpunk, on 10/12/2008, -0/+3the 's' is for 'sauce', right?
  • Otnehs, on 10/12/2008, -0/+3Coming from "wiretapped" also known as Jim, or is that even your real name?!
  • inactive, on 10/13/2008, -0/+3Who didn't know this already?
  • Giga, on 10/13/2008, -0/+3This is a perfect example of Hanlon's Razor.

    "Never attribute to malice that which can be adequately explained by stupidity."
  • anonysumo, on 10/13/2008, -0/+3"And post our contractor's VPN login on the computer so anyone can get it back online (after messing with something they don't understand, of course). And do we really need that MAC filtering on the wi-fi? (because I couldn't get my laptop online to access myspace when I was here Friday evening). And I've set your department's email login and password both to the department's initials."

    Completely defeats the purpose dunnit... Thanks boss, at least my work is secured. Can't say the same for yours. Enjoy your ease of access.
  • czeman, on 10/13/2008, -0/+3That was random.
  • seltaeb4, on 10/12/2008, -0/+3sometimes just for the lulz...
  • inactive, on 10/13/2008, -0/+3@secrity, uh duh? You do know there are IT shops that a run like sh*t, right? You do also know that a lot of times companies think they can't afford DR or any kind of fail over.

    I'm not saying it's right, I'm just saying your post is common sense that any sys admin worth their salt should know and it's typically business processes that keep it from happening.
  • czeman, on 10/13/2008, -0/+3I bet you're the life of the company Christmas party.
  • secrity, on 10/12/2008, -1/+3/s ?
  • arekkusu, on 10/13/2008, -0/+2I'd add the marketing department to that list.
  • blitzkriegpunk, on 10/12/2008, -0/+2YOU ARE FALLING TO YOUR DEATH!
  • csrster, on 10/13/2008, -0/+2Duh, indeed. It is pretty-much common wisdom in the digital preservation world that human error is the single biggest threat to data integrity, and I don't see why it would be any different in the commercial sector.

    There is a bit of confusion though, both here and in the original article, between data _losses_ and data _leaks_ - a rather significant distinction.
  • secrity, on 10/12/2008, -2/+3There is no excuse to lose more than 24 hours of data, and if it is critical data, that time period should be vastly smaller. Data should be backed up at least daily and the backups should be tested. Important databases should be mirrored at a disaster recover site.
  • ScottDaMan, on 10/13/2008, -0/+1User error and user boredom can result in a loss of data, productivity, and much worse. It happens more often than people realize.

    Spectorsoft puts out software to help with this and another product called NetVizor can help as well.
  • Onyxblaze, on 10/12/2008, -1/+2*****.
  • seltaeb4, on 10/13/2008, -0/+1wiretapped, you're the kind of boss who your colleagues loathe and your subordinates dread...
  • czeman, on 10/13/2008, -0/+1CEOs all over America share you sentiments. "I could multiply my ten times if I could just lay off all the employees!"
  • seltaeb4, on 10/12/2008, -8/+9Most corporate data loss is caused by Microsoft Windows.
  • SupaFupa, on 10/13/2008, -0/+1The last chart in this article, the centerpiece of his argument, shows the percentages of the "most likely causes of data breaches". The 5 seemingly mutually exclusive categories account for 146% of data breaches. Sort of takes the air out of the 75% argument.
  • crossmr, on 10/13/2008, -0/+1That's not quite true. The largest individual cause of loss is employees (last time I worked at that kind of place I was told around 36%, that was a few years ago). That means 64% comes from somewhere else, just no single source.
  • garrett2399, on 10/13/2008, -0/+1It seems that to prevent data loss we need to spend more money educating employees or offer harsher punishments for negligence. At my school if you leave your computer unlocked when you leave your desk you risk getting in serious trouble. I believe they do this so when you get in the workforce you understand the importance of information security.
  • twigboy, on 10/13/2008, -0/+1i laughed when i realised the company in this article was one which my friend was working for...
    who is pretty bimbo'ish when it comes to computer related stuff
  • snoox, on 10/13/2008, -0/+1and terrorists!
  • dwalker, on 10/13/2008, -0/+1The danger comes from within...
  • Nicoon, on 10/13/2008, -0/+1<3 Office Space
  • grumpyrain, on 10/13/2008, -0/+1Is that you Robert'); DROP TABLE students;--?
  • darkmagician777, on 10/13/2008, -0/+1Computers don't make mistakes - the people who use them do!. Like the guys who don't know how that porn got on their computer!
  • Pecheckler, on 10/13/2008, -0/+1Companies that use Macs are either very very rich and have little to lose from an information security breach, or had an executive make a very bad decision against his or her I.T. departments objections.
  • digitex, on 10/13/2008, -0/+1Employees indeed are the real "hackers". But employer still needs them, too bad.
  • Fetching more discussions...
    Show 51 - 66 of 66 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.