Employee missteps among top causes of data theft, says survey



MANILA, Philippines – Employee error is one of the main causes of internal IT security incidents which lead to the leakage of confidential corporate data, according to the findings of the Global Corporate IT Security Risks 2013 survey.

The survey was recently conducted by B2B International in collaboration with Kaspersky Lab, an online security company.

Although vulnerabilities in software used by company staff in their daily duties is one of the top reasons behind internal IT security incidents (with 39% of companies reporting this issue), the volume of different types of incidents taking place due to staff errors is equally high, the survey said.

Four out of five types of internal IT security incidents that took place at companies were closely related to erroneous employee actions, it said.

Approximately 32% of respondents reported leaks that took place as a result of employee mistakes. A slightly lower number of companies — 30% — reported incidents involving the loss or theft of mobile devices at the fault of an employee.

Intentional leaks were committed by employees at 19% of the companies participating in the survey. Incidents were caused by incorrect use of mobile devices (via mobile email clients or text messaging) at 18% of the companies surveyed.

At the same time, an average of 7% of respondents reported that employee actions were the cause of leakages of critically confidential information pertaining to company operations, the survey said.

Most often, leakages of critically sensitive data occurred when employees were at fault over the loss or theft of mobile devices — 9% of respondents reported these types of incidents, it said.

A comprehensive approach to a complex problem

Kaspersky Lab said these types of incidents can be eliminated – or at least the risk can be minimized. The security company said it can be done by taking a set of measures, including educating employees about IT threats, and developing, putting into place, and overseeing the enforcement of appropriate security policies within the company.

Another key step is the use of specialized security solutions, such as Kaspersky Endpoint Security for Business.

As a top-quality security platform, this Kaspersky Lab product includes a component that protects both desktop computers and mobile devices, and also offers the ability to effectively manage them.

The possibilities offered by this platform provide not only a top level of security for a corporation’s IT infrastructure, it will also help enforce a company’s IT security policies, and even compensate for them in the event that no such policies are in place.

Get Inquirer updates while on the go, add us on these apps:

Inquirer Viber

Disclaimer: The comments uploaded on this site do not necessarily represent or reflect the views of management and owner of We reserve the right to exclude comments that we deem to be inconsistent with our editorial standards.

  • kismaytami

    This ain’t news, but advertisement. Who knows if karpesky’s products also steal information from your device?

  • Lucky Luciano

    Hackers love their fake Starbucks/SM SSID and Wireshark…… All they need is a sucker who loves to connect on every public WIFI connection they can tap to.

    While some innocent looking guy is listening/scanning every GET and POST calls on his WS GUI.

To subscribe to the Philippine Daily Inquirer newspaper in the Philippines, call +63 2 896-6000 for Metro Manila and Metro Cebu or email your subscription request here.

Factual errors? Contact the Philippine Daily Inquirer's day desk. Believe this article violates journalistic ethics? Contact the Inquirer's Reader's Advocate. Or write The Readers' Advocate:

c/o Philippine Daily Inquirer Chino Roces Avenue corner Yague and Mascardo Streets, Makati City,Metro Manila, Philippines Or fax nos. +63 2 8974793 to 94


editors' picks



latest videos