Promoting Data Security in the Workplace

411 11011 110 10101 010 ס1 ie וםם 1101 1100100 011 110 Promoting DATA SECURITY in the Workplace 0010001001000 00100111 11011 010 110111010 1010 110 11011 10 1011 1011 11011101011 11011 10T0 1010 1010 11010, 11011 1010 1010 011 1010010011101010010 101 011 1010 DIOOIO011 101101110 11011 11011 110111010 11011101011 1010 01010010 n101 D1001010010111001011011C 1001 011 Employees & Information Security in the U.S. 3% 1/3 <5 OF THIS PERCENTAGE DIFFERENT ASSWORDS 3% of U.S. full- time workers admit to re-using the same batch of passwords 50 TO ACCESS 80% WEBSITES online *25-50 personal and business sites of companies say that "end user carelessness" is the biggest security threat to their organizations 33% 75% of U.S. companies do not have a formal plan for responding to insider security incidents 43% of office workers upload work files to a personal email or cloud account of C-level executives 46 70% identify negligent insiders as the #1 greatest risk to sensitive data 0/% 75% of organizations view employee negligence as the greatest breach threat of IT professionals claim security policies are communicated to new hires of U.S. IT professionals have dealt with an employee accessing unauthorized parts of a company's network or facility Human error continues to be the biggest source of health care data breaches But only 28% of American employees say they received these briefings Top Mistakes Committed by Employees ****** Sharing passwords with others Not deleting information on their computers when no longer necessary Leaving computers unattended when outside the workplace Reusing the same password and username on different websites Carrying unnecessary sensitive information on a laptop when traveling Using personally owned mobile devices that connect Using generic USB drives not encrypted or safeguarded by other means to an organization's network Biggest Threats to Information Security: Senior Managers & Business Owners Oh no!! SENIOR MANAGERS BUSINESS OWNERS 58% 0% of senior managers have accidentally sent the wrong person sensitive information (vs. only 25% of workers overall) 87 of business owners regularly 70 upload work files to a personal email or cloud account 0/ of business owners continually 70 re-use the same passwords to log in to different systems of senior managers have taken files with 51% 0/ them after leaving a job – twice as many as office workers in general 63% Tips on How to Promote Security y Implement a written security policy Ensure physical access restriction to personal data 4 Conduct security awareness training to educate employees on acceptable and unacceptable behavior Destroy old data in a timely manner 8 in 10 U.S. IT professionals say their company do Company leaders should become vocal about security Percentage of Employees That Received Information Security Training 37% 42% received mobile device received information security training sharing training Current State of BYOD (Bring Your Own Device) DI011101D11011101011 1010 1010 II011 10100 1011 11 011101011001001101100010110100101001 IO1 1010 1010010011101010010 10100 1DI 1 D100011 ' 101001 DO 11011 101110101 1 1I011101011001001101100010110100101001101 010 11011 Io0o 11011 10IO 10I0 _ 11011| T010010 I011 1111011 00100010 11011 D10 D0 0I010010 0010010001011011001000 0001 11011I01011 11011 1010 1010 11011101O 100111010100190100 1וDוםו ודוו ם ןפמו ו11 וDו l ו 1םדו 110101001O 01000100100 1010 1010 g0100 1 0010001 0001010 100 11011 00 d1101u 110111010 1010 10011101010010 1010 101 O 110111010111 11011 11011 1101 101 1I01 01111011101011 DDIOODT 1010 1D10 110ib1110 1 Dd10 1010 01O I011 RID 011 1010010011101010010 DIDI1 11010 10001 110111010 011 001001110101001OI101,OIO - 011 1010 101110101 1 110I 10100100111010100tobta bbY18.010 T 11011 011010010100 1 110LlooIo011101010010 1010 1011 110110IR 11011 01011 1010 11D111010 11011 ??o1110r1T0I011011 0110111011 201011010010100110111 .,( b1ומו1ו1 1I011101110 1010 1010 1I0111 1101 11011 11011101011 1010010011101010010 1101 N01011 11011 0 e 110 O0101101001010 D0010110 100110 MI011011101100 J 101001 11011 10 11011101011101110 10011101 aniDi011101bP! 100100 1011101 T010010011I0101od930 10 1101I0IO11O11I01 01101001 ,םופסופ2 110111010,dioi 1001000 1101101019010 The increase in security 11011100 F18strategies for employee use of personal devices set by U.S. businesses for the next 12 months 64% 40% 15% of organizations consider mobile device insecurity as one of their of employees believe they have no to minimal responsibility to protect data stored on their personal devices biggest security concerns Information Security & Bring Your Own Device Recommendations ילכוt DS] I ] ו.ו1/ Diae Ensure data leakage protection (DLP) to control which data mobile employees can transmit through BYOD and prevent the transfer of regulated data from a secured to an unsecured app DD 1 00 101 orbAbior, TIDIOPIIDdororo100 0101 r00101 rooror001orto10001 foT roprorr rorI vorr oroprOIOTT JODI101100100 D10DIO1011100100TO1|| 1011 ooIo 10001001000100TTOITOIIO00T00100 11010111011 11011 OororTI00100101 Tiororriorn 11011 D11 11011 TI0101|1O||| DIOI000100010O DI0 DI01 1101011101 0101 T011 D100101011100100101 Password required DI001dorI00IO DIO DIO1 IDI011101 nOIDI01|10010 DD111011001010010 1O1 D10010 Prevent employees from accessing data on unsecured (or jailbroken) devices or transmitting unsecured data using their own devices Demand extra security for employee-owned devices by requiring a password to access devices Train employees on the critical importance of adhering to regulations and potential consequences of compliance failures SOURCE EMPLOYEES & INFORMATION SECURITY IN THE U.S. http://tic-corp.com/blog/2013/11/rise-in-security-threats-increases-risk-pressures-on-it-and-business/emore-1137 | http://www.cisco.com/clenvus/solutions/collateralenterprise-networks/data- loss-prevention/white paper c11-499060 htmlwp900001 | http://en.community del.com/dell-blogs/delsolves/tweblog/archive/2012/08/30/human-error-the-largest-information-security-risk-to-your-arganization aspx | http://www swivelsecure com/ password-plague | http://healthitsecurity.com/2014/03/12/human-error-tops-ponemon-patient-data-security-study-threats https://www.americanexpress.com/us/small-business/openforum/articles/how-to-create-security-awarenes5-in-the-workplace TOP MISTAKES COMMITTED BY EMPLOYEES http://en.community.dell.com/dell-blogs/dellsolves/b/weblog/archive/2012/08/30/human-error-the-largest-information-security-risk-to-your-organization.aspx INFORMATION SECURITY BIGGEST THREATS e TIPS ON HOW TOo PROMOTE SECURITY http://www.pwC.com/gx/envconsulting.services/information-security-survey/download jhtml | http://www.pwc.comven_US/us/increasingit-effectiveness/publications/ assets/us-state-of-cybercrime.pdf | http://www.ibm.com/ibm/files/1218646H25649F77/Risk_Report.pdf CURRENT STATE OF B.Y.O.D. http://www.apperian.com/tacding-employee-disinterest-byod-security | http://www.pwc.com/gx/envconsulting-services/ information security survey/territory facus.jntml | http://www.pwc.com/guen/consulting services/information security surveykey-findings.jntmi B.Y.O.D. RECOMMENDATION http://www.cisco.com/clenvus/solutions/collateral/enterprise networks/data loss-prevention/white paper_c11-503131.html CREDIT Data Lock by im icons from The Noun Project; Cell Phone by Chris Kerr from The Noun Project, USB Flash Drive by Rafael Martins from The Noun Project; Chess by Juan Pablo Bravo from The Noun Praject, Folder with Document by im icons from The Noun Project Diaclaimer: The appeorance of Homar Simpson from The Simpaara ia for lustration purposes oniy Data compiled by: LB COLLAT SCHOOL OF BUSINESS Knowledge that will change your world http://businessdegrees.uab.edu/mis-degree