12 Most Frequent InfoSecurity Violations

1. Writing down the password on the monitor, computer and other nearby objects

According to experts, this is the most common violation: one in five employees does this frequently.

Memo: Do not write down passwords in accessible places, and do not say passwords aloud.

2. Computer left unlocked

All the most expensive means of protecting information will not help if someone outside can simply use such a computer with open access to company information.

Memo: Require employees to press the Win + L key combination each time they leave the workplace.

3. Opening e-mail and other phishing messages

Trust and curiosity are inherent in the very nature of man. An email with an intriguing title makes even reasonable and responsible people do something stupid - open a file that came from an unverified source. Remember that opening emails from strangers can lead to malware infection on your computer. Around the world, billions of dollars are spent repairing damage caused by phishing attacks.

Memo: Do not open emails from unverified senders.

4. Simple passwords, infrequent password changes

Often, employees use simple sets of consecutive numbers or letters as a password. Passwords are rarely changed on a regular basis. However, experts have found that regularly changing passwords increases the reliability of protection by 30%.

Memo: Choose passwords that are difficult to guess, use only complex combinations of numbers and letters, and change passwords regularly.

5. Loss of portable personal devices

Laptops can store major company secrets in their memory. Due to their small size, they are highly vulnerable to loss, theft and other illegal actions.

Memo: Exercise caution when handling portable personal devices, treat them as a repository of important documents, and consider using access control software. There are also a number of software solutions to prevent the leakage of confidential information when the device is lost.

6. Excessive talkativeness

Often conversations on business topics using confidential information take place outside the office premises (in the cafeteria, elevator, gym, etc.), where they can be easily heard by strangers. Avoid discussing business matters outside the office, and when discussing confidential matters, make sure no one is eavesdropping on you.

Memo: Prevent such cases: specify in the trade-secret non-disclosure agreement the penalties that apply if a leak of confidential information is discovered.

7. Connection without protection

Connecting to external networks via modems is very dangerous because it bypasses the means of protection (the firewall and other general security measures). This creates the conditions for intruders to penetrate the company's corporate network.

Memo: Before connecting to external networks, contact an information security specialist to resolve all issues related to protecting the company's information resources.

8. Hiding facts of information security violation

You may not be very familiar with the general information security policy, but it is important to be clear about what you can and cannot do. You must immediately inform management of any violations of the information security policy that become known to you.

Memo: Remember that the success of the company depends on the speed of action to prevent security incidents. Require employees to report such violations when they are identified.

9. Delayed reaction to changes in the environment

Vulnerabilities that can lead to security incidents are regularly discovered in general and application software.

Memo: It is important not to postpone the appropriate software upgrades, as delays can cause serious losses for the company.

10. Personal responsibility of employees

Most security incidents (up to 95%) arise from the actions of the company's own employees, its partners and contractors.

Memo: Remember that any information that falls into the wrong hands can be misused and can damage the company's reputation. All members of the team, as well as our partners, must understand the importance of ensuring security when handling information that is entrusted to them.

11. Connection of third-party storage media to the enterprise network

Most security incidents arise from the rash actions of the company's own employees. It is strictly forbidden to bring personal storage devices (disks, flash drives, etc.) to the workplace or to use them on computers connected to the company's network.

Memo: All team members as well as partners must provide protection against malware. Use only media that is owned by the company and has been tested for safety.

12. Using "side" software

Entrepreneurs often save on licensed software and work with pirated software instead. The relevant law was adopted long ago, and the chances of it being enforced grow every day. Unscrupulous competitors can take advantage of this.

Memo: You should be aware that today there are many ways to legally own and use software at a reasonable price.

A DLP system, a software solution aimed not only at preventing leaks of confidential information but also at monitoring employee loyalty, will help to cope with violations not related to the human factor.

Modern DLP SecureTower from Falcongaze, for example, provides full control over all communication channels (cloud storage, telephony, e-mail, visited sites, network and local printers, etc.) and also conducts a comprehensive analysis in several aspects:

- content analysis;
- statistical analysis;
- analysis of connections between employees;
- analysis by digital fingerprints;
- search for masked data, etc.

SecureTower provides a complete picture of the employees' working day, as well as automatic control of all actions and violations, with a flexible reporting system that includes a graph analyzer. Video and audio monitoring is also included in the functionality of the system: the program can connect to a computer, watch the screen, and record from the computer screen and microphone.
