Beware Humans with Computers!

At a recent presentation to state risk managers in Olympia, representatives of the law firm BakerHostetler, which includes a number of attorney’s who specialize in resolving information security data breach issues, identified that cyber attacks using Phishing and Malware  was the cause of 31% of the more than 300 data security incidents the firm handled nationwide in 2015.  This is not much of a surprise given the recent increases in the number of these types of attacks.

The second highest category identified at 24% was Employee Action/Mistake, which includes failures of employees to follow organizational policies resulting in a data breach.

Interestingly, the next highest causes of data losses include other categories which also have significant ties to how authorized users interact with information technology and the data stored and manipulated with that technology.  These include: Loss or Theft of a Device (17%); Vendor/ Contractor Actions (14%); Internal Employee Theft (8%); and Lost or Improperly Disposed Data (6%).

These statistics show that the human component of data protection is significantly more important with regard to modern IT security issues than is the technology component.

The underlying source of ALL of these top kinds (92%) of data breaches can easily be attributed to the authorized users of the compromised data and either a deliberate disregard for organizational policies or a lack of information security awareness on their part.

Clearly, it is important for each of us to understand that we each need to constantly protect the college data we access during the course of our daily work, and to ask questions of our supervisors when we are not certain how best to do that.

The college has published a number of policies and procedures related to technology use by college employees and the protection of college data.  Here are links to a few of those current documents:

Take some time this week to update yourself on the information in these important documents and, as always:  Safe Computing!

Leave a Reply