Technology, training, learning and development blogs
It’s no surprise that IT departments are the biggest source of data leaks
Bill Walker
Bill Walker is a key industry commentator on technology and its impact on businesses’ success. As commercial director of Xpertise, he spends a large proportion of his time talking to leading UK companies about their skills-development strategies, as well as working closely with the major software companies – including Microsoft, Oracle, Sun, HP, Red Hat and Citrix. Bill is also responsible for all enterprise sales and marketing activities within Xpertise. Bill sits on Microsoft’s CPLS Advisory Council in Redmond, WA. which sets the direction for Microsoft learning products and services.
Previous posts
- Should you upgrade to Office 2007?
Posted by Bill Walker
15 August 2008 - Windows Vista Service Pack 1 is when things start to get really interesting
Posted by Bill Walker
06 January 2008 - Well, do we want a faster Internet or don’t we?
Posted by Bill Walker
18 December 2007
RSS feeds
A recent survey showed that IT departments are responsible for more data leaks than any other part of an organisation – but this shouldn’t be a surprise.
Security company Orthus conducted this recent survey, and concluded that around a third of data leakages come from IT departments. The research found that ‘trusted users’ were the biggest source of data links:
- IT staff (30%)
- Customer service staff (22%)
- Third parties (16%)
- Sales staff (12%)
Does this mean that IT staff are inherently less trustworthy than other staff members? If anyone is drawing that conclusion, they need to look a little harder and think about the roles involved.
The IT department is probably the one department in the company, outside of the board, which has fairly open access to pretty much all of the company’s data – whether confidential or not – from every other department. It’s a normal consequence of the nature of the IT department’s remit – there’s nothing underhand going on.
However, it does raise some interesting security questions. As we’ve seen recently with the massive data loss by HM Revenue and Customs, it only takes a few breaches of an established security process to put priceless data at risk. (We’re told that HM Revenue and Customs did have a more secure process in place, it’s just that it was circumnavigated not once, but three times.)
What this means in the real world is that all organisations need to wake up to the fact that the IT department is often custodian to data that, if mismanaged, could bring the entire organisation down – worst-case scenario. It means that processes should be in place for managing that data – processes which cannot be skipped, circumnavigated, avoided or whatever.
IT teams aren’t less trustworthy than anyone else – but they are just as human and just as prone to error. Every organisation owes it to itself to ensure that the scope for error is either removed or reduced significantly. A great first step is to ensure that key members of your IT team have taken a degree of data security and privacy training that’s commensurate with the value of your corporate data – and that they work with management (at the highest level) to put in place systems and processes to reduce the risk of data leakage.