Employee Access to Data Leaving Companies at Risk

July 23, 2019

Fifty-three percent of companies have over 1,000 sensitive files open to every employee, up from 41 percent last year, according to the 2019 Data Risk Report.

Fifty-one percent of companies found over 100,000 folders open every employee and 22 percent of folders were open to every employee.

Global access groups, such as Everyone, Domain Users, or Authenticated Users, give insiders and outside attackers that get in easy access to files inside. Globally accessible data puts organizations at risk from insiders, malware and ransomware attacks: it takes just one click on a phishing email to set off a chain reaction that encrypts or destroys all accessible files. The files analyzed included data subject to regulations like GDPR, PCI, HIPAA and the upcoming California Consumer Privacy Act (CCPA). Exposed data can cost companies: regulations like the EU General Data Protection Regulation (GDPR) penalize companies that fail to protect personal information that often resides in unsecured files and folder.

Key findings include:

17 percent (117,317) of all sensitive files were accessible to every employee.
58 percent of companies found over 1,000 stale user accounts.
53 percent of data, on average, was stale.
15 percent of companies found more than 1 million folders open to every employee.
Across the entire dataset, 22 percent of all folders were exposed to every employee, up from 21 percent last year.
80 percent of companies with over 1 million folders found over 50,000 folders open to every employee.
76 percent of companies found over 1,000 folders with unresolved SIDs.
58 percent of companies found over 1,000 folders that had inconsistent permissions.
27 percent of a company’s users had removal recommendations, and were likely to have more access to data than they require.
15 percent of folders were uniquely permissioned.
Only 5 percent of folders were protected.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Employee Access to Data Leaving Companies at Risk

Related Articles

Related Events

Report Abusive Comment