Corner-office executives, IT pros and other so-called knowledge workers are supposed to be pretty smart, right? Dare we say trustworthy. Unfortunately, they are the leakiest of vessels when it comes to protecting sensitive company information.
Some employees maliciously spirit away data before leaving a company, while others absent-mindedly put data at risk by storing files on mobile devices that become lost or stolen or falling for phishing scams.
CIOs are to blame, too. More than a few companies still don't have a Bring Your Own Device (BYOD) user policy, enforce a governance policy, or require data encryption on mobile devices.
The end result of all this negligence: horror stories.
Take, for example, the nun nurses at financially strapped Daughters of Charity Health System in Silicon Valley. They're some of the worst offenders, falling prey to the online scam of helping a Nigerian prince in return for a big payday. No, they're not looking to become rich.
"The nuns want to use the money to help more of the sick and poor," Michael Day, vice president of information technology and strategy at Daughters of Charity, told me at a recent tech event in San Francisco.
On a more nefarious note, a survey of IT pros attending the 2014 RSA Conference found that nearly one out of five still had access to the IT systems of their most recent previous employer. Some had access to the systems of their previous two employers.
A stolen laptop can seriously expose a company. A couple of years ago, a contractor for Howard University Hospital lost a laptop with medical records of more than 34,000 patients. Last fall, a stolen unencrypted laptop from Santa Clara Valley Medical Center exposed medical records of 250,000 patients.
"Average cost of recovering from a data breach is $7.2 million," says Jaspreet Singh, founder and CEO of Druva, an endpoint data protection company. "Requiring that data on devices is encrypted is an inexpensive way to reduce the risk of data breach."
Attorneys are some of the biggest users of rogue Dropbox accounts, storing sensitive documents there, a CIO told CIO.com. At another law firm, Dowling Aaron, CIO Darin Adcock had to institute strict BYOD measures to keep his company safe, earning him the nickname "Big Brother."
"If we end up on the front of the Fresno Bee because an attorney left his phone at the bar... the damage to your reputation could literally be millions of dollars," Adcock told CIO.com last year.
Data loss can do more than just harm a company. In the summer of 2011, an Oklahoma University researcher's laptop was stolen from her car, containing years of research on prostate cancer. The professor had not backed up the laptop's data. Gartner estimates 28 percent of corporate data is stored only on endpoint devices.