Study Says Employees Are Exposing Co-Workers' Personal Information

Reconnex Insider Threat Index confirms employees' personal data and P2P file sharing use put companies at serious risk


MOUNTAIN VIEW, Calif. - Enterprise risk management systems company Reconnex has released statistics from its second monthly Insider Threat Index(TM). The study revealed that exposure of employees' personal information and peer-to-peer (P2P) file sharing are commonplace in corporate America, putting companies at serious risk. This month's index was compiled from over 1.6 terabytes of blind data statistics gathered from Reconnex's e-Risk Rapid Assessments performed during the month of July at a variety of U.S. businesses and government agencies.

Since last month's Insider Threat Index was published, CardSystems became the latest corporate victim of identity theft when personal data from about 40 million customer credit cards were exposed. As a result of this breach, Visa and American Express terminated their contracts with CardSystems. Visa performed an internal review of CardSystems' processing practices, and found that the company did not have the appropriate controls in place to protect cardholder information. The information compiled by Reconnex in this month's Insider Threat Index shows that lack of appropriate controls is a hidden threat to many organizations. Without technology in place to monitor for these types of hidden threats and the ability to provide a complete forensic trail after a breach, organizations remain exposed.

Exposed Data
Ninety-one percent of companies that completed a Reconnex 48-Hour e-Risk Assessment in the month of July had exposed credit card numbers entering or leaving their network, and eighty-two percent exposed social security numbers. The vast majority of these disclosures stemmed from human resources departments, which often accidentally exposed employees' personal information when they communicated with partners in health insurance, payroll, workers compensation, and other third-party processors. The personal data revealed by co-workers often included employee names, dates of birth, social security numbers (SSN), and even bank routing information. This personal data was usually sent via Excel spreadsheets and in clear text. Sometimes a single Excel spreadsheet contained the personal data of thousands to tens of thousands of individuals.

"These latest statistics are alarming, but the terabytes of data we've been able to compile show this trend of exposing employee personal data is commonplace," said Donald J. Massaro, president and CEO of Reconnex. "Our customers have been able to remediate these risks because they now know how it is happening in their organizations. In our 48 hour e-Risk Rapid Assessment, Reconnex provides hard data that highlights the exact exposures and provides a complete forensic trail, allowing our customers to rapidly remediate these risks to the root cause rather than remain exposed, protecting their customers' and their employees' personal data."

P2P Is Commonplace
Eighty percent of the Reconnex assessments conducted in the month of July detected common P2P file-sharing protocols, such as BitTorrent, Gnutella, eDonkey, and WinMX. These companies were able to quickly remediate the risks P2P file sharing creates, including:

-- Lawsuits and liabilities: Peer-to-peer protocols are commonly used for one thing -- to illegally distribute copyrighted materials. If copyrighted materials are shared over your network inappropriately, statutory damages could be as great as $150,000 per occurrence of willful infringement.