The Problem With Data Security is not the Hardware or the Software, It’s the Wetware

By Cynthia J. Larose, Kevin M. McGinty

Remember this?   weakestlink 

“Wetware” – coder slang for biological life forms (i.e., people) – is the weak link in most companies’ data security protections, according to a new data security report issued by the Association of Corporate Counsel (ACC).  Companies surveyed attributed data breaches to a host of human foibles, including lost laptops or devices (9%), “phishing” emails that induce employees to click on malicious links or open infected documents (12%) or simple “employee error” (24%).  A distressing 15% were classified as inside jobs.

The full report can be obtained from the ACC.

The ACC report highlights the paramount importance of employee training to a company’s data security program.  The strongest and most assiduously updated firewalls and malware detection systems cannot stay ahead of every newly-crafted piece of malicious code.  Training employees in best practices with respect to email and data handling provide an additional bulwark against threats that data security technology simply cannot root out.  It's no accident that the mantra of most data security professionals is "People, Process, Technology" - in that order.  

 

 

people-process-technology-Custom-3

Watch out for your weakest link!

Subscribe To Viewpoints

Published

Viewpoint Topics

Professionals

Authors

Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.

Kevin M. McGinty

Member / Co-chair, Class Action Practice

Kevin is a member of the firm's Health Care Enforcement Defense Group and has significant experience representing health care–related entities in a variety of litigation matters, including contract, regulatory, False Claims Act and class action lawsuits. Kevin's health care industry clients have included pharmacies, PBMs, hospitals, clinical laboratories, diagnostic imaging providers, pharmaceutical companies and managed care organizations.