In the hands of uninformed, careless, or disgruntled employees, every device that accesses the company network or stores company data is a potential risk to its intellectual property or sensitive customer data, according to a Cisco Systems White Paper.

The Cisco findings show that “insider threats” have the potential to cause greater financial losses than attacks originating outside the company. The white paper points out that: 33 percent of IT professionals were most concerned about data being lost or stolen through USB devices; 39 percent of IT professionals worldwide were more concerned about the threat from their own employees than the threat from outside hackers; and 27 percent of IT professionals admitted that they did not know the trends of data loss incidents over the past few years.

Cisco points out that the insider threat is not necessarily the “rogue” employee: “Employees are insider threats if they speak loudly about confidential project plans while on the phone at the airport. A lost laptop containing company information can become an insider threat if it is recovered by an outsider with malicious intent.” Among other efforts, Cisco recommends that companies foster a security-aware culture in which protecting data is a normal and natural part of every employee’s job, and not an additional task that is perceived as a burden or contrary to other goals.