The biggest threat to a company’s financial details and other sensitive information may be the finance department itself.
That’s among the key conclusions of a study by cybersecurity firm Clearswift, which focuses on data loss prevention. The company conducted a study (with input from research firm Loudhouse) with responses from 500 information tech professionals and 4,000 employees. Of that tally, respondents said that both finance (as claimed by 46 percent of respondents) and human resources departments (39 percent of respondents) are thought to be the biggest threats to a company.
In terms of demographics, the study found that males in middle management positions within the finance department were among those viewed by their employers as “most likely to present an internal security threat, accidental or malicious.” While middle management bears the brunt of concern, a minority of respondents, or 19 percent, had similar cautionary views around senior management.
In a statement accompanying the announcement of the report’s findings, Heath Davies, CEO of Clearswift, said that “senior managers are generally in tune with the consequences of data loss, while junior people often don’t have access to the kind of data that can cause disasters. Middle-aged middle managers are in between — having access to the data but no obvious stake in the consequences of losing it. They are also more likely to be under time and financial pressure and so may be more inclined to take risks. This makes them more likely to make mistakes or even succumb to foul play.”
Mistakes, potential and realized, can run the gamut of sending personal data, such as salaries and Social Security information, to the wrong parties to the inadvertent installation of malware that exposes sensitive data, such as user passwords.
A vast majority of those surveyed — a full 88 percent of companies that were queried — said they had direct experience with a security incident within the past 12 months, and of that percentage, 73 percent said the incidents stemmed from people they knew, from past employees to suppliers.