As more and more employees work away from the office – at home and on the go – and collaborate online, sensitive corporate information is increasingly leaked, often unintentionally.
Mobile employees tend to adopt personal cloud share services such as Dropbox and Google Drive that are intuitive to use and easily solve file synchronization and share needs, but increase security risks and locate the organization’s data at uncontrolled locations. The cost of data loss is very high, both in terms of financial losses, leaking of IP to competitors and damage to the corporate brand. In response, many organizations are taking action by training employees, setting up restrictions and requiring certain data usage policies. However, as efficient as the instructions and company regulations may be, there is never a full guarantee that they will be followed.
Educating employees about the importance of sharing data securely is critical, but simply not enough. As employees become more sophisticated and tech-savvy, they are finding creative ways to circumvent corporate policy, ignoring the security risks and regulatory implications to the enterprise.
Here are some facts about data leakage showing why enterprise-grade security technology is a critical ingredient for keeping data secure in storage and in transit.
1) Employees will find shortcuts and workarounds to security policies
Employees are increasingly “going around” IT by sharing critical information through webmail, file sharing services, cloud storage, USB sticks and smart devices, simply because they perceive them as easier to use than traditional corporate file transfer tools. They use their personal email to send confidential company documents and data, and consumer-grade file transfer for business purposes, both lacking sufficient security protection. Often employees do so in order to “get the job done” more quickly, not realizing the unnecessary risk and that can result from data loss.
2) Corporate computers are often misused
According to Cisco sponsored research many employees share work devices and sensitive information with non-employees. Approximately one fourth of the employees surveyed admitted to sharing sensitive information with friends, family, or even strangers, while almost half of the employees surveyed share work devices with people outside the company, without supervision.
3) Email causes the most enterprise data loss
E-mail continues to be the primary source of data-loss risk. Federal information security and email management professionals say standard email is the number one way unauthorized data leaves an agency based on a study by Meritalk and sponsored by Axway. According to the report, a single federal agency sends and receives an average of 47.3 million emails each day, averaging 1.89 billion emails per day for the federal government overall. While 79 percent of federal information security and email management professionals say cyber security is a top priority, only one in four give the security of their current email solution an “A.”
4) Web servers can be the weakest link
Stealing sensitive information can be done fairly easily by using a personal Web mail account or uploading information to a Web-based file-sharing site. Web servers, by their very nature, tend to be at the network perimeter and connect with the external Internet. They provide a direct gateway for external attackers to gather information about the internal network and possibly even acquire actual files and data that were meant for internal company eyes only.
5) Security policies are written in a language foreign to the average employees
Most explanations about the security risks faced by the organization are stored in a long tedious report, that few employees have patience or time to read, and those that do may not understand. Security policy and procedure manuals are written in a complex legal language to impress regulators, lawyers and auditors; the average employee doesn’t stand a chance.
Data Leakage is a complex problem that requires a solution that involves people and technology. Like most complicated situations the best solution is often a simple one that works with the existing business processes to work in the background with minimal user education and intervention.
To learn more about an integrated solution that makes security policies easier to enforce click here.