IT departments leak most data - usually on a Tuesday
Techies and customer service staff are first in queue for interrogation when sensitive information disappears, survey finds
IT staff are the most likely culprits when it comes to leaking sensitive company information, according to a survey on insider threats published by security firm Orthus this week, with those working in customer service not far behind.
"The insider is most likely to be from the IT or customer services department, uses a mobile PC rather than a desktop computer and more often than not will copy the sensitive data to the local hard drive and walk straight out of the door with it – or webmail a copy to themselves," wrote the authors.
Orthus based its findings on information extracted from data leakage audits conducted since 2006 on its own customer sites using remote agents: an estimated 500,000 hours of user activity within an unspecified number of mainly UK organisations employing 1,000 or more people.
The source of suspicious events was identified as the IT department in 30 per cent of cases, with customer services accounting for 22 per cent, sales 12 per cent and operations 10 per cent.
"IT and customer services should be the initial area of focus for companies looking to address the insider threat," wrote Orthus.
"HR/legal and finance came bottom of the list – clearly professionals in these areas are most aware of the confidential and sensitive nature of the information they handle daily."
The survey also found that mobile devices were responsible for corporate data leakage on 68 per cent of occasions (followed by web mail, removable media and corporate email), and that more incidents occurred between 9am and 5pm on a Tuesday than on any other day.
The results may have something to do with Orthus's relatively comprehensive definition of "sensitive" information and how this was identified in each particular organisation.
Those surveyed were asked to designate specific folders where sensitive information might be stored, with the documents they contained scanned for specific keywords and/or phrases.
The type of information then discovered was grouped into personal (including customer data); financial; contracts and legal; sales pricing and competitive analyses; procurement and cost pricing; human resources (personnel data, CVs, staff photos, relocation programmes); board meeting minutes and notes; and miscellaneous client-specific information.