subject: Staff Gains Unauthorized Access To Cloud Services. It Training May Improve It Security [print this page] Information security is crucial for the survival of any business organization. Bank and health service providers have databases containing personal and confidential information related to their respective customers and patients such as credit card numbers, social security numbers, date of birth, contact details, health insurance numbers and health protection numbers among others. Leakage of such data may not only put information and financial security of customers at risk, but also adversely affect the reputation of the concerned organizations. Recently, doctors at Veteran affairs hospital placed confidential patient data on a separate hosted service, without intimating the department of veteran affairs. Lack of knowledge concerning the threats prevalent in the IT environment is one of the major reasons for security lapses by employees. As IT has become all-pervasive, hospital administrators may provide IT training to the hospital staff to acquaint them on the threats emanating in the cyberspace.
The documents were reportedly placed in a yahoo web service. Such unauthorized use of private cloud services violates the IT security policy. Cloud computing can be allowed by organizations in a regulated manner. Unregulated use of cloud services can put data security risk. Such practices also enhance the possibility of insider theft. Organizations are also dealing with unsafe practices of employees such as use of personal emails to send confidential business information.
Organizations must conduct regular security assessments and audits to identify the weaknesses and violation of IT security guidelines by employees. Government departments can encourage employees to undertake security certifications such as penetration testing training to gain technical know-how on methods used for exhaustive assessment of the IT infrastructure. IT security specialists can also benefit from distance learning programs offered by security certification providers to individuals who cannot attend live classes.
Organizations must also implement security measures such access control to privileged databases and regular monitoring of employee logs to streamline information security. The rapidly changing security environment has made it inevitable for organizations to give high emphasis to IT security.
