۲۰ دلیلی که اطلاعات سازمانی از بین می‌روند

از بین رفتن و یا به بیرون درز کردن اطلاعات سازمانی به اندازه تعداد افرادی که به آن‌ها دسترسی دارند متنوع است. علت عمده از بین رفتن اطلاعات و داده‌ها و یا نشت امنیتی‌ این گونه اطلاعات خطاهای انسانی خواسته و یا ناخواسته است. علت عمده این خطاهای ناخواسته بر خلاف تصور عمومی ندانستن و عدم وجود دانش نیست، بلکه سهل‌انگاری و تنبلی باعث ایجاد خطا و بروز نشت اطلاعات و یا از بین رفتن اطلاعات می‌شود.

در نوشته ۲۰ روشی که بانک اطلاعاتی شما از دست خواهد رفت، CREDANT این موارد را بیان کرده است:

  1. Employees able to access a database regardless of their need to do so, with sight of complete records including information that they do not necessarily need to see
  2. Unrestricted downloading of the database to removable media
  3. Employees able to print individual records, or even the full database, in hard copy format
  4. Employees able to access records, in undefined quantities or for unlimited periods of time, providing the opportunity to make a written copy
  5. Records, or even the entire database, altered or deleted
  6. The full database, or individual files, emailed as an attachment
  7. The full database, or individual files, uploaded to an external storage facility/website or a hosted document storage and management solution.
  8. Loss of external or portable media (memory sticks, CDs, laptops, etc) that contain unencrypted information, often during travel.
  9. Misplaced, or stolen, devices (laptops, blackberries, etc) used as a back door to the corporate network
  10. Secure employment for the purpose of having unrestricted access to confidential data with criminal intent
  11. Existing employees being coerced into removing data for financial gain
  12. Ex-employees who have not had their access rights revoked
  13. Photocopy hard copies
  14. Over the shoulder screen theft from mobile workforce
  15. Writing down, or even sharing, passwords
  16. Hacked WiFi networks – even with passwords
  17. Use of non-alphanumeric passphrases and passphrases of eight or less characters – which can be cracked in a few hours
  18. Use of unvetted external contractors or companies
  19. Use of vetted external companies on contracts without remediation/penalty clauses on responsibilities for when things go pear-shaped on the data security front
  20. Failure to use encrypted back-up storage media

دیدگاه‌ خود را بنویسید

نشانی ایمیل شما منتشر نخواهد شد. بخش‌های موردنیاز علامت‌گذاری شده‌اند *

پیمایش به بالا