With the growth of the mobile workforce and online collaboration more and more corporate security information is leaked, often unintentionally. The cost of data leakage is high, both in terms of financial losses due to liability, loss of IP which can damage competitiveness, and damage to the corporate brand.
Most companies have security policies which are written, but there is still no guarantee that all employees are fully briefed on what they mean, and how they need to adapt their work habits to comply.
Here are some facts concerning data loss that businesses can’t ignore that show the need for security to become transparent and integrated into the day to day business, to ensure full compliance.
1. Most Often Data Is Leaked Unintentionally
Employees see webmail, file sharing services, cloud storage, USB sticks and smart devices as easier to use than traditional corporate tools to transfer files. Many employees use personal email to send company documents and data, and use consumer-grade file transfer for business purposes. Often employees see themselves as doing whatever is necessary to get things done, but it still opens up the business to unnecessary risk and can result in data loss.
2. Corporate Devices Shared With Non-Employees
According to Cisco sponsored research many employees share work devices and sensitive information with non-employees. Approximately one fourth of the employees surveyed admitted sharing sensitive information with friends, family, or even strangers, and almost half of the employees surveyed share work devices with people outside the company without supervision.
3. Email Is A Major Cause Of Data Loss
Email continues to be the primary source of data loss. Federal information security and email management professionals say standard email is the number one way unauthorised data leaves an agency based on a study by Meritalk. According to the report, a single Federal agency sends and receives an average of 47.3 million emails each day, averaging 1.89 billion emails per day for the Federal government overall. While 79 percent of Federal information security and email management professionals say cyber security is a top priority, only one in four give the security of their current email solution an “A.”
4. Third Party Applications Put Data At Risk
While employees may naturally use caution when forwarding emails, the ‘Open In’ functionality is much less obvious and they may be leaking data unintentionally using applications like Facebook, Twitter, Evernote and Dropbox. There have also been incidents on the Android platform, where malware impersonating trusted applications have become the recipient of confidential data.
5. Web Servers Can Be The Weakest Link
Someone who wants to steal sensitive information may use a personal Web mail account or upload information to a Web-based file-sharing site. Web servers, by their very nature, tend to be at the network perimeter and connect with the external Internet. They provide a direct gateway for external attackers to gather information about the internal network and possibly even acquire actual files and data that were meant for internal company eyes only.
6. Security Policies Are Lost In A Sea Of Paper
Most information about the security policies are stored in a long written report, that few have patience to read, and those that do may not understand. Most IT security policy and procedure manuals are written in a language to impress regulators, lawyers and auditors; the average employee doesn’t stand a chance.
Data leakage is a complex problem that requires a solution that involves people and technology. Like most complicated situations the best solution is often a simple one that works with the existing business processes to work in the background with minimal user education and intervention.