Stop data leaks in the workplace

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.smh.com.au/small-business/smallbiz-tech/stop-data-leaks-in-the-workplace-20150909-gjifab.html

Our growing appetite to share almost every aspect of our lives online has
undeniably revolutionised the way we connect and maintain relationships
with friends and family. However, this increasing inclination to share, or
arguably overshare, has started to creep into the workplace and is creating
a very real problem for businesses. More and more employees are now sharing
sensitive information online or via email without understanding the
potential damage to the company if this information gets into the wrong
hands

In fact, the accidental leakage of sensitive data in the workplace is
becoming increasing common and can have very real consequences on a
business' revenue and reputation. The question needs to be asked; does your
organisation have the right security measures in place to keep up with your
employees sharing habits?

Up until recently, the answer was no for supermarket giant Woolworths. A
pertinent lesson that was learnt the hard way when a misdirected email
exposed the personal details of its customers and the redeemable codes of
over 7,941 gift cards, costing Woolworths a reported $1.3 million. To
Woolworths, the cost is likely to be small in comparison to its yearly
revenue, but the cost to its reputation is yet to be seen. It's this
reputation loss that could really hurt the supermarket's bottom line, if
shoppers react to the incident with their wallets.

For many small businesses, the recent Woolworth data leak probably didn't
raise alarm bells, but it should have. If Woolworths, a multi-million
dollar company that is likely to spend large sums of money on IT security,
can publicly suffer a massive data leak caused by a misdirected email, then
it's very possible it can and will happen in your own business. Many
cybercriminals are actively targeting small businesses as security is
typically less sophisticated and the crimes often go undetected.

Many small businesses have come leaps and bounds in recent years in terms
of IT security, implementing firewalls, intrusion detection and identity
management systems to keep intruders out and also to control access to
information within the business, decreasing or eliminating the business'
risk of a data breach but still struggle to keep up with ever changing
cyber threats.

While these measures are important, they cannot protect your business
against internal data leaks caused by an employee sharing content using
unauthorised applications, or accidentally forwarding confidential
attachments or misplacing unprotected USBs containing company information.
The balance between external cyber threats and internal leakage is evolving
rapidly.

Safeguarding your business from oversharing employees

So how do you know if your business is at risk of data leakage by an
employee who unwittingly divulges information?

Consider a simple five-question checklist, to help to determine how much
control you have over your own business' sensitive data:

- Do your employees use email as the primary method of sending information
back and forth both internally and externally?
- Do your employees utilise file sharing services such as Dropbox or Box?
- Do employees have more than one device, often blurring the lines between
personal and work devices?
- Does your business solely rely on firewalls to secure your sensitive data?
- Are you unsure what information is being emailed and shared by your
employees?

If you answered yes to any of the above questions, it might be time to
seriously reconsider your security approach – and we're not talking about
limiting access to information. The answer is to provide a secure
collaboration platform that allows employees to share data securely but
also have the ability to unshare and recover from data leakages.

Newer information rights management technologies will allow your business
to assign various permissions to content, such as granting read only
access, stopping screen shots or preventing the forwarding of information.
This technology also makes it possible to retract access to information,
even after it has been granted.

Today's leading collaboration and sharing solutions do not require complex
integrations or plugins, which makes them perfect for resource constrained
small business owners to deploy without a dedicated IT team. They have IRM
built into the platform so documents can be easily secured using simple
features within the user interface. IRM technologies are simple to deploy
and are cost effective – which are often the biggest barriers to technology
adoption within small businesses.

With so many companies, large and small, suffering embarrassing data leaks
recently – including our very own Department of Immigration – understanding
the sharing habits of employees and technology available to safeguard your
business is critical. Let's learn from the mistakes of others and take
action now, before it's too late.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!