July 24, 2014
Here are some possible scenarios that could result in data loss from within your organization:
- An employee leaves a PC unattended during lunch. Another worker moves in and saves a sensitive file onto a floppy disk. Without a timed lockout—usually in the form of a screen saver that requires a password for re-entry—the system is essentially public. What’s more, there’s no way to trace the crook—since the evidence points to the worker who’s out to lunch.
- A trusted outside consultant usually uses a computer to check e-mail. Instead, she uses a stolen password to log onto the system and access key files. Requiring a change of password every 30 days could’ve prevented the situation.
- An information technology (IT) manager peruses through private employee records and other confidential data simply because he has access to the system. The breach could likely have been prevented by using encryption and ensuring that all IT professionals require a digital key (which they have to request on a one-time basis) to open certain files.
- An HR manager deletes a group of sensitive files, but they somehow turn up in the hands of a competitor. The seemingly impossible event can take place because a deleted file remains on a hard drive, without the filename, until it’s erased or overwritten. Without a "wipe" delete, another person can "unerase" files and steal the data several days, even weeks, later.
- An employee loads a program onto her computer and the entire network crashes. A virus destroys data and erases the hard drives on several PCs. The entire debacle could have been prevented if antivirus software had been installed and the employee knew that loading software onto a PC wasn’t allowed.
Workforce, May 1998, Vol. 77, No. 5, p. 56.