Non Technical Threats to Data Security

Over the last few years, there has been a steady increase in the number of individuals and businesses who depend on information technology and data security. Those involved in the financial, medical and educational sectors are the ones most likely to hold confidential and sensitive data. Regardless, data security remains a priority across all business sectors with varying degrees of IT dependence.

Almost every company with a security policy takes steps to educate its employees about their security responsibilities. However, there remains a need to identify each potential source of data security threats. Organizations that experience a data breach can suffer the loss of existing customer confidence, damage to their brand and loss of future revenue from new customers that take their business elsewhere.

Aside from virus infections and software defects, the source of more than 90 percent of all breaches was the loss of information primarily from stolen laptops, computer fraud and confidentiality breaches, compromised database backups, mismanaged email and staff misuse of information systems.

Staff misuse of information systems largely vary in type between organizations. Larger organizations typically have more issues with employee misuse than smaller ones. The most common of these are web access for personal needs. Web usage vary from improper website content downloads and excessive web surfing. Internet usage is controlled through implementation of acceptable internet policies, restricted usage access to some staff members or completely blocking access to inappropriate websites. Whatever the chosen option, web access needs to be strictly monitored for spyware, spam and other suspicious items.

Email access for personal usage also affects data security. Confidential information may be compromised by accidentally emailing sensitive information to outsiders. As a result, more and more organizations implement standard scanning on employee emails and web downloads. Emails may be scanned for viruses, confidential information, unencrypted information and inappropriate content.

Removable media devices such as mp3 players, USB flash disks, digicams and portable hard disks and laptops are also sources of potential security risks. These ubiquitous items may carry with them sensitive information, and are easily portable enough to leave the organization. Theft of these items has remained the number one source of data security breach.

Computer fraud also constitutes computer use by outsiders and by own staff as well as access to organization's files through unauthorized use of company passwords. System failure or data loss are also one consequence of software bugs and computer crashes.

Data security breaches result in business disruption and may spell direct financial loss. Formal procedures need to be in place for incidence response and contingency planning to contain data security risks.