As summer comes to a close, there will undoubtedly have been an increase in the number of people taking time off to holiday.
This would have led to the familiar rush to complete work, an increase in the number of staff working remotely, and, for an unlucky few, even taking the laptop on holiday with them.
For many organisations this will have increased the risks typically associated with corporate data and sensitive information on the move, and businesses will have reduced control over the security of their data.
With the flexibility of being able to work remotely from almost anywhere, businesses are required to trust their employees and rely on them taking the right precautions to keep sensitive information secure.
Whilst many organisations are prepared for security attacks with processes in place to ensure security on their own systems, few employers expect their loyal employees to steal company data.
Life on the inside
Following the Edward Snowden revelations in 2013, IT departments are now tasked with monitoring and awareness of potential insider threats. Though Edward Snowden’s work with the CIA and other US intelligence agencies put him in the position of a highly trusted employee, this trust provided him with everything he needed to accomplish what he set out to do. There were no measures in place to stop him and prevent what was quite possibly the biggest information leak in the history of the US.
The risks come from those that intentionally misuse their access to data and use it to cause a negative and detrimental impact on the confidentiality and integrity of sensitive information.
Data lock down
Whilst there are a number of obvious routes to secure intellectual property, if the authorities from whom Snowden was stealing had a managed and encrypted flash drive, they could have tracked the information wherever it resided. Any activity on the drive could have been monitored from an on-premise or cloud-based management service. This would have ensured that they would have had constant contact with it, and would have had the ability to restrict where the device could be used, or simply resort to the fail safe and remotely lock it down, ensuring nobody could access the data.
If data isn’t encrypted, its integrity can easily and quickly be compromised. Being able to manage and track it, knowing who’s accessed it, from what location, and on what devices that information resides, is essential. Whilst this can be difficult across a fragmented IT environment, companies need to be confident that if a device is considered to be compromised, they can remotely lock it down, wipe it, or initiate a self-destruct sequence to remove the data to protect themselves and their stakeholders.
Protecting sensitive information and intellectual property, be it from malicious or disgruntled employee’s stealing data, or those unintentionally violating data use policies, should be a priority for all organisations.
How many of your employees would you expect to steal from you? Hopefully the answer is none? What if you ask yourself how many have the ability? A much larger number, perhaps? The truth is that anyone in your company has the capability to steal, share or sell restricted information, so you need to be prepared for any eventuality.
Nick Banks is vice president of EMEA and APAC at Imation Ironkey Solutions
