May 11, 2009, 11:16 AM — With more than two decades of security audits under his belt, Networks Unlimited President Harry Segal has seen it all. Here are the most common violations he encounters.
1. Users sending confidential files to their personal e-mail addresses. Oftentimes, employees will forward sensitive documents to their Hotmail or Gmail accounts so they can work on the files from home. However, more often than not, they use unsecured methods rather the company's VPN.
2. Companies allow users to decide whether to encrypt attachments. Rather than employing automated tools that apply policies to secure attachments, companies rely on their employees. This results in employees avoiding the extra steps to secure it or not realizing that the document is indeed confidential.
3. Organizations do business with providers that allow for data leakage. Too often, companies exchange sensitive information with business partners that don't take the extra steps to secure data. For instance, your HR team might use a background checking service that requests sensitive information about prospective employees such as their Social Security number and address without insisting it be encrypted.
