Is Your [Insert Title Here] Putting Your Organization at Risk?

By Fortra's Digital Defense

More than half of organizations attribute a security incident or data breach to a malicious or negligent employee.[i]

Every business has at least one: one person, group or division within the company that bends, breaks, or outright ignores the information security rules, potentially placing the company at risk of a breach. Many CIOs I’ve talked to over the years have shared with me the internal security threats and information security challenges they face because a certain subset of their user population refuses to play by the rules.

Did you know? Only 35% say senior executives think it is a priority to ensure that employees are knowledgeable about how data security risks affect their organizations, and 60% say employees are not knowledgeable or have no knowledge of the company’s security risks.[ii]

Healthcare

Walk into any hospital or clinic, talk to their CIO or VP of Information Systems, and ask about employee support of security initiatives, and you’ll hear the same comments made over and over.

  • “The [ Insert Title Here ] never want to stick to the practices that we put in place.”
  • “They want to use easy passwords, don’t want to lock their computers or tablets.”
  • “They do not follow any of the rules we put in place.”

This is unfortunate.

Given the criticality and complexity of hospital networks and the growth of network-connected diagnostic equipment (IP-addressable X-ray and MRI machines, etc.), it’s hard enough to keep sensitive data secure. Having employees within an organization skirt the rules only makes a challenging job even more difficult. The result is that many who work in IT throw up their hands in frustration or, worse, leave the industry altogether. Why? They see the writing on the wall, and they don’t want to be the one in charge when the hospital or clinic is audited and unable to achieve HIPAA compliance.

Banking

The banking industry has its fair share of challenges. Even though GLBA has been in place for years, there are still individuals who want to take the easy route when it comes to information security in the financial institution. I’ve seen banking and credit union CIOs do everything in their power to make the institution compliant with the tenets of GLBA and other regulations (federal and state), but to no avail. Just when they think they are in a good place, they hear from [ Insert Title Here ] that the requirements are just too stringent, and they receive pushback and requests to loosen the controls so that they aren’t so arduous.

Legal

While not as heavily regulated as healthcare and banking organizations, law firms have their own set of privacy rules and regulations, such as keeping intellectual property and other sensitive information safe from prying eyes. In an environment where privacy and secrecy are valued above all else, [ Insert Title Here ] can still be the bane of law firm CIOs. Much like their counterparts in healthcare and banking, certain employees often find the use of strong passwords and other security measures frustrating to deal with on a recurring basis.

Some staff members want the technology to work without having to deal with the stringent security measures put in place by the CIO or head of IT.

Addressing the Issue

Healthcare, banking, and legal are not unique! Unfortunately, all businesses have a [ Insert Title Here ], regardless of the vertical they operate in. So the real question is … what can be done to fix the situation?

Here are a few best practices to get you started:

  • Improve information security training
  • Gain top level support from board members and senior management
  • Communicate common information security mistakes and real world data about how breaches occur and how they could have been avoided
  • Share statistics on how a breach could impact your organization

By increasing awareness you stand a much better chance of putting controls in place that are actually adhered to by [ Insert Title Here ].

[i] https://www.darkreading.com/vulnerabilities---threats/employee-negligence-the-cause-of-many-data-breaches-/d/d-id/1325656

[ii] https://www.experianplc.com/media/news/2016/dbr-ponemon-institute-managing-insider-risk/
