While it is often suggested that the biggest data security threat for an organisation is that of the nerdy, stereotypical computer hacker type maliciously breaking in to a secure network to upload nasty viruses or perform the crime of the century, this is really not the case at all. The biggest threats and concerns to an organisation's data security, in most circumstances, arise from a variety of internal sources.

As an organisation's operational boundaries continue to grow with increased adoption rates of mobile, handheld and wireless technology, the threats to data security from internal sources also increases as these devices move in and out the door without proper mechanisms for monitoring and control. These internal sources may include employees, partners, dealers and a Cadbury's assortment of other users which may have either authorised or unauthorised access to an organisations network and data storage.

Failure to recognise, address and manage these threats may not only risk data and information itself - the most valuable asset an organisation has, but also leave the company wide open to the possibility of litigation, bad publicity, reduced productivity, financial loss and crypting software damage to brand, reputation and goodwill that cannot be easily recovered from.

This article discusses ten potential areas for internal data security breaches which should be given priority and thought.

1. Portable Storage Devices
Portable devices such as solid state media and external hard disks, used either by an employee or a visitor with access to a workstation or server can easily be connected via a USB, Firewire or eSATA port. In most cases these devices are not documented or registered as part of the internal infrastructure and are therefore unsupported and unsecured. As a result there is a risk of unwanted upload of data to unprotected internal networks and workstations. In addition to this there is also the risk of the extraction, transportation and dissemination of sensitive data outside the organisation.

2. Devices Used Off-Site
Laptops, PDAs and mobile telephones access the internal network directly or via remote connections. If these are connections are configured and supported correctly, they can be very secure. However, the majority users of these types of devices are not always security conscious and rarely use the access control available with the device for easier or quicker access. So whilst the device is in the possession of the correct user there is minimal risk, yet if the device were fall in the wrong hands the same access that is afforded to the intended user is now available to the unauthorised user.

3. Inadequate or Out-of-Date Anti-Virus/Security Software
Majority of anti-virus vendors offer virus updates and software patches to their users over the Internet on a daily basis. If these are not kept up to date, then your data can be compromised unknowingly by a virus or another form of malware either from the Internet, email or outside media.

4. Software Patches and Updates
Downloadable patches and other software updates need to be trialled within an isolated test environment prior to internal deployment. These can pose a threat in two different ways, the first would be instability or in compatibility with the current system, this can cause inaccessibility or corruption of pre-existing data and systems. The second is the use of these channels for malicious users to distribute viruses and other malware through what was believed to be trusted sources