Is Your Data Leaking?
In today’s business environment, everyone knows to watch out for hackers. However, data leakage and loss from negligent file sharing is becoming just as significant a risk as data theft. Popular applications like Dropbox and Box do increase productivity and make collaboration easier. However, being able to securely share sensitive corporate data is a critical requirement for all organizations. The truth is, more and more valuable company information is being shared outside the organization, often without the knowledge or approval of CIOs, IT managers or supervisors, etc. Companies are often not responding to the risk of ungoverned files-sharing practices among employees as well as with external parties (business partners, contractors, vendors, etc.).
Many organizations are more vulnerable to data loss and non-compliance than they may think. Weak process control, an inability to govern how data is shared and weak file-sharing technology creates the perfect
storm for data loss, data leakage, and non-compliance.
What you can do: conduct regular yearly audits to determine if document and file-sharing activities are in compliance with laws and regulations.
What you should do:
Establish a clear policy for the adoption and use of cloud-based file sharing/file sync-and-share applications.
Maintain clear visibility into the file sharing/file sync and share applications used by employees at work.
Exercise the ability to manage and control user access to sensitive documents and how they are shared.
Educate employees annually of the risks of data loss and data theft.
Employees throughout the organization can be negligent when it comes to data sharing and collaboration. Here are just a few examples of risky behavior:
Sending unencrypted emails.
Failing to delete confidential documents or files as required by company policies.
Accidentally forwarding files or documents to individuals not authorized to see them.
Using personal mobile devices (BYOD) because security standards on personal devices may not conform to company policies
Using personal file-sharing/file sync-and-share apps in the workplace.
What you can do: Establish your CIO and (under the CIO) your IT Department as the authority when it comes to the adoption of new technology and applications that affect business operations. This idea goes beyond file sync/sharing services as well. If accounting wants to use a new app, they need to get approval, etc. With clear review processes and communication, approvals can happen in a timely manner- thus preventing any department from increasing the risk of data loss through the adoption of insecure applications.
Organizations need to have a clear understanding of how their data is being shared and distributed, and take
steps to protect data wherever it travels. The effort required will be a combination of education,
process control, governance, and technology. Companies that fail to take action may experience data loss, which may lead to a loss of reputation, competitive advantage and potential regulatory fines for noncompliance.
Note: All trademarks, service marks, trade names, trade dress, product names and logos appearing on the site are the property of their respective owners.