In our weekly newsletter, we'll bring you insights from our executive team, news and information about data governance and methods you can use to prevent leaks. We’re looking forward to your feedback and hope you enjoy the read. If you'd like to receive future editions, please subscribe.
How does $250 sound?
Recent research shows that’s all it would take for about 7 percent of European employees to cough up access to their corporate networks. 14 percent would sell their login info, although their price points would be a bit higher. The same study, which surveyed 4,000 employees in Europe, found that 29 percent have purposefully sent sensitive information outside their company and 15 percent have taken “business critical” information from one job to another with the purpose of reusing it.
These are facts that every business and IT leader needs to understand and consider how to address.
WikiLeaks Vault 7 leak: a whole new level of threat
What impact would a leak have on your business?
The recent WikiLeaks release detailing CIA spying activities and 0-day hacking methods to exploit everything from your iPhone to your toaster shows that just about any organization can be hacked, no matter how clandestine.
The leak has created quite the kerfuffle among consumer privacy groups and civil rights watchdog organizations, but what can businesses learn from the episode besides the fact that no information is ever completely safe all the time?
Lior Div at NetworkWorld has an interesting suggestion. He asserts that enterprise leaders need to assess exactly what kind of impact a leak would have on their businesses. Would a leak impact the bottom line? (See the following section – there’s a pretty good chance that it would.) How would it impact the company’s reputation?
It’s hard to quantify the impacts of a data leak. There are a ton of variables (number of records, kinds of records, how the records are distributed post-leak, etc.), especially when assessing potential losses to reputation. It’s an exercise many business leaders may not be accustomed to.
“While taking proactive steps to prevent leaks is highly important, companies should also run scenarios that look at how they would be impacted by a leak that exposes key data and develop a response plan in the event of a leak,” Div writes.
“Companies involved in projects that could spark ethical concerns should talk about the potential fallout if the public learned about this work and how to quickly recover,” he continued. “Would the stock price tumble? Would revenue be hit? Would customers cancel contracts?”
A leak could also reveal proprietary information to the world, rendering R&D efforts useless, exposing the company’s secret sauce to competitors or potentially revealing personal or inappropriate correspondence between employees, customers and third parties.
Companies need to take hard looks at exactly what they’re doing and how the public and markets might react if it were suddenly public knowledge.
The Harvard Business Review addresses the topic in a recent article. They’ve broken reputation risk assessment and management down to a procedure just about any organization can follow:
- Assess current reputation. How do the public and markets presently think of the business/brand?
- Check reality. How realistic is it for the business to match its reputation? How close to reality are market and public perceptions of the brand?
- Attempt to close gaps. Or at least lay out a plan for bringing the company’s methods, strategies and activities as close to its reputation as possible (assuming it has a good reputation). This is easier said than done, of course, but the exercise is helpful if data is leaked and the company needs to respond and rebuild the trust of the public and customers.
- Monitor changing expectations and beliefs. Are public expectations of an industry or corporate transparency changing? Are customer and competitor expectations shifting? Keeping up with the times will help inform business decisions so leaked information doesn't reveal any out-of-date, distasteful practices.
Your leaky data security strategy
An annual study by Cisco found that one-third of companies that fell victim to a data breach in 2016 saw an immediate 20 percent drop in revenue. That’s on top of losses to reputation, compromised business opportunities and drops in customer base.
A leading cause of breaches was incompatibilities between the many file and data security products most companies use to weave their data safety net. These gaps between security solutions hindered security departments to the point where only an average of 56 percent of threat alerts could be investigated each day.
Check your data security priorities
A quick follow-up from last week’s newsletter: If your organization hasn’t revised its data security spending priorities in a few years, it’s doing things wrong. Network and endpoint protection methods have advanced, and would-be leakers and hackers, ever eager to min-max, have turned to other avenues to grab your data. Plus, beefing up security on your network and take-home devices does nothing to prevent insiders from stealing or sharing data either by choice or by accident.
Prioritizing detection and response (identifying a leak or breach, shutting it down and destroying compromised file copies) is “in” for good reason. These types of solutions cover scenarios where your network wall fails and you need to detect a threat and shut it down. They also allow you to monitor employees and the progress of files across the IoT and respond to any suspicious behavior or outright leaks.
This week in data leaks
- Recently leaked Saks Fifth Avenue customer data wasn’t encrypted; company in violation of various privacy laws
- Android Forums hacked
- Australia introduces mandatory data breach notifications
Vaultize is an innovative data security company that allows customers to track and control their documents from creation to deletion on any device, anywhere. From CYA to compliance, Vaultize provides data protection without restricting use. Vaultize’s platform utilizes DRM and encryption to secure any and every file, protects those files no matter where they travel, and provides visibility into who is accessing them and how they are being used. The Vaultize platform is transparent to users, scalable and flexible to deploy. For more information, visit www.vaultize.com.