Cybersecurity Blog: The Cyber Scene is evolving, are you?

Return to blog

Given the wave of high profile cyberattacks in the news, one might think data breaches happen no other way. Unfortunately, having sensitive company information fall into the wrong hands does not require breaking through a firewall. Many of your employees, who have greater access to sensitive data than ever before, are at risk of unknowingly leaking information.

According to a recent Ponemon Institute report, 71 percent of employees surveyed reported they have access to sensitive information that they don’t need access to. [1] Often times, such information includes:

  • Customer lists and contact information
  • Intellectual property, proprietary research, designs, formulas, or software
  • Confidential information about customers, employees, and business partners

Today, much of your company’s sensitive information is stored electronically. Uncontrolled access to sensitive data and the bring-your-own-device (BYOD) to work movement have created a sizable problem for organizations to contend with, in addition to advances in technology. Here are five technologies your employees may be using that put your company at risk.

  1. Personal Mobile Devices. Driven by a desire to improve employee productivity and satisfaction, most companies allow their employees to use their personal phones and tablets for work. Aside from the vulnerability of loss or theft, these devices are often used with unsecured public WiFi networks and loaded with malicious apps that do more than users are aware of, including steal information (19%), track the user (22%), pose traditional threats (26%), send content (13%), and reconfigure the device (13%) [2]. 
  1. Personal Email: With the typical “9-5” job becoming a thing of the past, it is not uncommon for an employee to work from home after hours. For employees with access to personal email accounts from internal computers, data can be forwarded to an outside server in a matter of a few clicks. In fact, a study conducted by Cisco found that 46 percent of workers who work remotely admit to transferring work files to home computers.[3
  1. USB Flash and Portable Drives: Capable of holding hundreds of gigabytes of data, flash drives are easily accessible (and easily lost or stolen) data storage devices. Flash drives are routinely used by employees to take copies of projects and documents they worked on with them when they leave an employer—oblivious to the fact that such actions are unethical and within some companies unlawful. A Symantec study claims 56 percent of “leaving” employees believe it is okay to take information with them when they vacate a position and to use the data at a competing organization. [4
  1. Online or “Cloud” Storage: From Google Drive to DropBox and iCloud, a variety of public, cloud-based storage options are being used by employees to house company files. A 2014 Harris Poll found that 44 percent of working Americans use the cloud, citing easier file sharing, coworker collaboration and file organization as some of the primary benefits. [5] Mixing corporate and personal data increases the chance of a security breach. 
  1. Laptops: Whether traveling to and from home, to a client or conference, and even while on vacation, the American worker commonly brings along his or her company-owned or personal laptop to work remotely. Aside from the threat of having an electronic device stolen, sensitive data on laptops can be easily accessed through unsecure WiFi networks or malicious malware unknowingly installed by the employee or a corrupt 3rd party.

How Companies Can Protect Themselves from Insider Threats

While stricter data access policies that limit who can see what information are helpful, unintentional leaks can still happen. Implementing and enforcing some proactive measures, including device usage policies and employee training, can dramatically reduce the threat of sensitive information being shared or stolen.

Review 8 Components to Develop a Successful Insider Threat Management Program:


Ollie Luba is a principal systems engineer at Leidos with 30 years of experience in analyzing, modeling and designing complex analytic systems for government and commercial clients. Currently, Ollie is the Product Manager and Technical lead for Leidos' insider threat identification solution. His educational background includes a BSEE from University of Pennsylvania, MSEE from Drexel University and a MS in Technology Management from the Wharton School/Penn Engineering. Ollie is based in Valley Forge, PA.