Loose lips trouble CISOs
Loose lips trouble CISOs

Employees openly discussing business outside of the office cause equal problems for businesses as data breaches.

According to research by Salamanca Group of clients' employees who are on cigarette breaks, in taxis and in lifts, there is often open discussion and revelation of company dealings and news.

Heyrick Bond Gunning, managing director of the merchant bank and operational risk business collective, said that people often do not think before acting; and as much as effort is put into technology, the human factor is tricky to manage.

He said: "It is because of loose lips where things get out. You can get a lot of information that is not achieved because of a penetration test. An initial reaction for businesses from clients was that quality information and intelligence was leaving the business and they have to tighten up on training.

“That doesn't cost much; it is about management and putting training in, and making sure that the contents of policies reflect the level of confidentiality of the company. If you get the confidence up to a standard, everyone starts listening.

“If you are happy to write something on a postcard and put it up downstairs, then you know that it doesn't need to be protected as much.”

Asked how this research was done, Gunning said that this was done with a client and while the employees were not wasting time, in large buildings it can take five minutes to get outside, so that is when information can be picked up.

Feras Tappuni, managing director of Si-SecureView, which formed Salamanca group in a joint venture, said: “Attacks are opportunistic and attackers are often snooping as they want to get in and stay on the network.

“They look at stuff, or see who has social networking accounts, and get in via employees' information. There is some business that people should know not to talk about in the community or on email, but that is the world we live in.”