This past week's national and local news have both included accounts of employees being disciplined for allowing their curiosity to get the best of them. According to CNN.com, Verizon Wireless has fired an undisclosed number of its employees for accessing cell phone records of President-Elect Obama without authorization. In addition, on November 22nd, the Columbus Dispatch reported that four senior managers at the Ohio Department of Job and Family Services have been disciplined for improperly mining state computers for confidential information on "Joe the Plumber." Previously, Governor Strickland had suspended the OJFS director for her role in the incident.
These incidents demonstrate the privacy and confidentiality risks posed by a company’s own employees. Coincidentally, this week Cisco Systems, Inc. released the third in a series of white papers arising out of its global study of data leakage. Cisco's findings suggest that data losses caused by employee behavior -- whether malicious or inadvertent -- have the potential to cause greater financial losses than attacks that originate outside the company. Employee behaviors not only put customer (e.g. Obama) and general public ("Joe the Plumber") data at risk but also corporate trade secret information. The Cisco data suggests that, although it remains important to plug any holes in computer systems to protect against outside intrusions, employers should be spending more time addressing employee behaviors that are putting data at risk. For those who are interested, the Cisco papers can be found at http://cisco.com/en/US/netsol/ns895/index.html.