Data Loss Prevention Blog

Your Worst Security Threat Might Be Your Most Trusted Employee

To combat security threats to confidential data, many organizations invest much of their budget and technical resources in securing their network perimeter against malicious attacks from hackers and other outsiders intent on stealing information for nefarious reasons.

But the sad truth is that over half of the security incidents that occur in an organization are the result of inadvertent data breaches from trusted internal employees and NOT from highly skilled and financially motivated external adversaries. And the main source of those internal security breaches is data leaks via computer endpoints.

You may have set up state-of-the-art firewalls and perimeter defences to keep out hackers and malicious outsiders, but what about the well-meaning employee who’s “taking work home” with files on a thumb drive, attachments sent to personal emails, or files placed on a private file-sharing site? Their priority turns to looking for ways around established policies to get their job done. “I was having trouble sending the file through our network, so I just copied it to my thumb drive and sent it from my Hotmail account. See, I’m being proactive at solving problems!”

99% of the time we applaud employees for taking the initiative, but when the thumb drive eventually goes missing and suddenly thousands of confidential records or credit card numbers are now available for the world to see, we have to really take the time to figure out ways to secure the organization’s confidential data without stifling employees or their productivity.

Better policies are certainly one way, but in the end, they really only provide the justification for your well-intentioned and previously highly trusted employee to be disciplined. Policies can be misinterpreted, too complex, or even counterproductive to normal business practices. The common result is that data security policies are only loosely followed, intentionally ignored, or so confusing that employees do not know how to do their jobs without contravening the policy.

The reality is that a data security policy without technology-based monitoring and enforcement is doomed to fail.

Endpoints such as desktop computers, laptops and other mobile computing devices are where your trusted employees spend a very large part of their work day. As such, endpoints are where your employees are most likely to inadvertently cause a serious security breach, so they need to be protected. It is just too easy and tempting to plug a thumb drive into a USB port to copy some files for working on at home or for transferring photos of the grandkids to your corporate computer so that you can look at their smiling faces every morning on the screensaver.

Both scenarios are, on the surface, benign. But just where did that thumb drive with the photos come from? Was it the one that your trusted employee found in the company parking lot? Was it primarily in use on their home computer with little to no verified protection from malware? Oh, and where did that thumb drive with all the client data go? “It’s got to be around here some place.” Or was it left in a taxi, restaurant, hotel, or even in a computer bag, purse or briefcase that ended up lost or stolen?

Fortunately, endpoint security is an area where policy and technology can combine to offer a solution.

DeviceLock has been providing the industry’s most trusted endpoint DLP solutions since 1996, and offers endpoint control and data leak prevention software to some of the world’s most security intensive environments that include healthcare organizations, government agencies, defense contractors, pharmaceutical companies, academic institutions, financial firms, and research centers in over 100 countries.

So the next time you are performing an enterprise risk assessment at your organization, spend as much time understanding the risks of people inside your organization as you do on assessing outside threats. Understand how employees use their computers, what devices they are plugging into them and what data is being transferred into and out of them.

Your most trusted employees just might be the crack in your organization’s armor that gets your firm’s name on the front page of the news, and for all the wrong reasons.

And when it comes to plugging data leaks in your endpoints, please come and talk to DeviceLock. DeviceLock pioneered DLP least-privilege technology and is the trusted choice for thousands of organizations, deployed on millions of devices worldwide. Our solutions combine state-of-the-art device/port controls, network protocol stack data controls, content filter controls, key logger detection, and data search/discovery along with native integration via Microsoft Active Directory Group Policy console snap-ins in a highly configurable and easy-to-manage package.

To find out for yourself, you can trial the DeviceLock DLP Suite for 30 days by visiting our website at: For more information on DeviceLock’s DLP solutions, call us at 925-231-4400 or email to us.sales (at) to talk to one of our endpoint security specialists.