This article was first published in the Autumn 2014 issue of Touch
In today’s fast-paced working environment, many of us are all too familiar with the rush to complete work projects in time – sometimes requiring us to work from home, on the stifling train journey to and from work, and maybe even when we’re on holiday. For many organisations this will increase the risks typically associated with corporate data and sensitive information on the move, and businesses will have reduced control over the security of their data.
With the flexibility of being able to work remotely from almost anywhere, businesses are required to trust their employees and rely on them to take the right precautions to keep sensitive information secure. While many organisations are prepared for security attacks – with processes in place to ensure security on their own systems – few employers expect their loyal employees to steal company data.
Following the Edward Snowden revelations in 2013, IT departments are now tasked with monitoring potential insider threats. Though Edward Snowden’s work with the CIA and other US intelligence agencies put him in the position of a highly trusted employee, this trust provided him with everything he needed to accomplish what he set out to do. There were no measures in place to stop him and prevent what was quite possibly the biggest information leak in the history of the US.
The insider may seem innocuous, but they are a viable threat to any organisation with valuable information such as payment card, intellectual property and proprietary business data. While ‘insiders’ may not necessarily be staff who are on holiday, threats can come from employees in the office, former disgruntled employees, contractors, or any other business associate that has authorised access to corporate data. The risks come from those that intentionally misuse their access to data and use it to cause a negative and detrimental impact on the confidentiality and integrity of sensitive information.
Although there are a number of obvious routes to secure intellectual property, if the authorities from whom Snowden was stealing had an encrypted flash drive, they could have tracked the information wherever it resided. Any activity on the drive could have been monitored from an on-premise or cloud-based management service. This would have ensured that they would have had constant contact with it, and would have had the ability to restrict where the device could be used, or simply resort to the fail safe and remotely lock it down, ensuring nobody could access the data.
Protecting sensitive information and intellectual property, be it from malicious or disgruntled employees stealing data, or those unintentionally violating data use policies, should be a priority for all organisations. Disabling outdated user accounts when employees exit an organisation, implementing policies with privileged account passwords, updating them regularly and limiting access to corporate systems, are all crucial to keeping data secure.
How many of your employees would you expect to steal from you? Hopefully, the answer is none. What if you ask yourself how many have the ability? A much larger number, perhaps. The truth is that anyone in your company has the capability to steal, share or sell restricted information, so you need to be prepared for any eventuality.
Nicholas Banks is vice president of sales for the EMEA and APAC regions at Imation Mobile Security
Share this story