Corporate networks contain a wealth of personal information which data thieves are always trying to get their hands on. There are accounting records, HR reports, salary files, vendor lists, customer records, credit applications and financial records; just to name a few of the kinds of information which data thieves can put to use. This information is all stored electronically and contains data like Social Security Numbers, names, credit card numbers and the like - all very desirable for those who would commit identity fraud.

There are three basic motivations which lead employees, to steal confidential information; these are:

1. Disgruntled employees - employees who want revenge due to a missing a promotion, disciplinary action, or job dissatisfaction. These employees are easy targets for criminals or hackers, who will bribe them for access to files and networks.

2. Dishonest employees - Criminals working inside a company as cover for their real purpose - to steal confidential information.

3. Careless employees - Employees who not properly educated on or simply don't understand the importance of security; or employees who must contend with such complex and convoluted security procedures that they circumvent security for convenience's sake.

Of these three types, we at Access Smart - the creator of Power LogOn(R)- believe that the "careless employee" presents by far the biggest danger to companies. Various security and network management tools can help to detect the first two types of employees. However, careless employees can easily give data thieves access to your company's sensitive information without even knowing it. Careless employees can also make it easy for disgruntled or dishonest employees to gain access to the information they are after.

More than 60% of data breaches are internal and are traceable to employees - some estimate this rate to be as high as 75%! While there are those employees who intentionally steal information for personal gain, most data breaches occur as a result of employee carelessness. In effect, these employees are unwitting co-conspirators in identity theft.

What are some of the seemingly innocent actions a careless employee might take?

1. Fail to practice proper computer and network password management.

2. Not shredding or otherwise securely disposing of sensitive emails, documents, notes, etc.

3. Storing un-encrypted confidential information on a computer, laptop or memory stick.

4. Sending confidential files to the wrong email address.

5. Falling victim to social engineering attacks.

When employees are asked why they have done any of the above, it almost always comes down to the same thing - it was more convenient.

1. Most people do not or cannot remember long, complex passwords.

2. Most people have too many different accounts that require a password.

3. Most people are overworked already and don't want security to keep them from meeting their deadlines.

4. Employees are rewarded for helpfulness, not for their security prowess.

Companies who have complex security procedures often have a false sense of security. While on paper, the company is doing everything right, they are implementing it in a way which leads employees to favor convenience over security - and thus circumvent security measures. For security measures to be effective, they have to be easy for employees to put into action; and employees must be properly trained in following good security practices.