Blogs

The Ends, the Means, and Security Risk Mitigation

By Steve Weissman posted 02-08-2012 11:53

  

A little over a year ago, I posted on the Top 10 Cyber Threat Trends of the day, one of which was “attacks via USB drives.” Well, new survey regarding SharePoint security has just echoed this theme, but this time the news is even scarier because the context is from the inside of organizations out, rather than from the outside in.

According to research from UK security risk mitigation firm Cryptzone, nearly 45% of users have copied sensitive or confidential documents from SharePoint to their local USB key or e-mailed it to a third party. When asked why they did so, 98% of those "fessing up" said it was either because they needed to send them to people without SharePoint, access, or simply needed to work on them at home – and 92% of them admitted that they knew doing so made the documents less secure.

If that's not bad enough, then consider this: a full 20% "justified this action by indicating documents copied out of SharePoint were not of a sensitive nature [and] a staggering 30% said that they were ‘not bothered if it helps me get the job done.’”

So what does this tell us? The best I can come up with is that people feel the end justifies the means, that it's okay for them to do it because, well, it's them and not some unknown evil hacker. But organizations, compliance officers, and, yes, information professionals cannot afford to take this view because the aggregate opportunity for a significant data breach is just so large, and the failure to enforce existing security policies is a litigation nightmare waiting to happen.

This is not a knock against SharePoint, USB drives, or e-mail, all of which obviously have their uses. But as with any tool, users must be trained to use them to support the forces of good. Otherwise, even the most robust of protections will end up being meaningless.



#SharePoint #Security #sharepoint #ECM #ContentManagement
0 comments
19 views

Permalink