Government agencies throughout the world are bolstering data security strategies in the wake of intelligence leaks and possible election meddling in the US and elsewhere. The UK Government Communications Headquarters (GCHQ) is no exception. The Queen has tasked the agency with managing a new National Cyber Security Center and combating cyberthreats to the national infrastructure, utility grids and healthcare systems.
The agency draws a lot of its expertise from former spymasters and security specialists employed by the British Secret Service. They’ve provided a wealth of tips ranging from the basic to the advanced that businesses and GOs alike can implement in their data security strategy if they’re not doing so already. Here are a few, straight from the British Secret Service by way of Entrepreneur.com:
Forbid employee external storage devices
While some organizations may choose to allow employees to bring memory sticks or external drives from home, the best policy is to forbid them entirely. Plugging in a personal device at work is one of the most common means by which malware finds its way onto corporate devices. Allowing employees to use them is simply not worth the risk.
Besides, there are a variety of secure alternatives to plugging in a personal memory stick. VPN, or allowing employees to remotely access an on-premise file server from certain devices, is a classic option. But it’s now nearly entirely obsolete. Cloud-based storage and collaboration tools have taken VPN’s place. Plus, there are a myriad of data concerns with VPN, such as data being stored or cached on unsecured remote devices. But many cloud-based options, especially the most common consumer-level ones, also lack adequate security technology and admin control options.
Vaultize’s VPN-free secure solution allows anywhere access to corporate file servers. Vaultize enables IT to configure access to corporate file servers such that it is tightly integrated with the access control and sharing policies defined by the Vaultize administrator for the users in their organization. This not only allows users to access their file server data anywhere from a single secure access point, but also automatically enforces the access control and sharing policies defined on that data. Vaultize does not cache any data from the file server, thus avoiding unnecessary redundancies and copy compliance issues. Users also do not need to connect to the corporate network or use VPN as they will be accessing data through Vaultize, which comes built-in with end-to-end security. The data is encrypted with AES-256 right when it is picked up from the file server and is decrypted only when the user "opens" it; it remains encrypted on server, on network and on endpoints (including mobile devices).
A “least privilege” protocol
A well-organized and tightly controlled employee access protocol is hardly a novel idea to IT admins and security managers. That said, it’s surprising how often organizations fail to implement and maintain a coherent control system, even when risk is extremely high.
Limiting employee access can’t be as simple as “executives can access A, B and C, middle management can access B and C, while everyone else can access C.” Even executives need to be checked on how and where they can take and access data and, based on where they are, how they can interact with it or share it. Being an executive doesn’t automatically make someone a security or IT expert.
Across all security clearance levels at any organization, several access controls besides “can access/can’t access” are critical. Think in terms of access expiration dates, geo- and IP-fencing, tracking how data is accessed and automatically wiping it from endpoints inside and outside of the corporate network.
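As an added illustration (not Vaultize code and not taken from the original article), the following sketch shows an access decision that goes beyond a role tier: a grant must exist, must not have expired, and the request must come from inside the IP and geo fences, with every decision logged. The `Grant` model, the sample grant and the assumption that the caller supplies the request's country code (for example from a GeoIP lookup) are all hypothetical; endpoint wiping is not covered.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Grant:
    """One user's grant on one resource (hypothetical model, not a vendor API)."""
    user: str
    resource: str
    expires: datetime         # access expiration date (timezone-aware)
    allowed_nets: tuple       # IP fence as CIDR strings
    allowed_countries: tuple  # geo fence as ISO 3166 country codes

AUDIT_LOG = []  # every decision, allow or deny, is recorded here

def in_ip_fence(src_ip, nets):
    """True if src_ip parses and falls inside one fenced network."""
    try:
        addr = ip_address(src_ip)
    except ValueError:
        return False  # fail closed on a malformed address
    return any(addr in ip_network(n) for n in nets)

def check_access(grants, user, resource, src_ip, country, now):
    """Deny by default: a grant must exist and every condition must hold."""
    grant = next((g for g in grants
                  if g.user == user and g.resource == resource), None)
    if grant is None:
        allowed, reason = False, "no grant"
    elif now >= grant.expires:
        allowed, reason = False, "grant expired"
    elif not in_ip_fence(src_ip, grant.allowed_nets):
        allowed, reason = False, "outside IP fence"
    elif country not in grant.allowed_countries:
        allowed, reason = False, "outside geo fence"
    else:
        allowed, reason = True, "ok"
    AUDIT_LOG.append((now.isoformat(), user, resource, src_ip, country, reason))
    return allowed, reason

# Constructed sample data: even the executive's grant is fenced and expires.
GRANTS = [Grant("ceo", "board-minutes.docx",
                datetime(2030, 1, 1, tzinfo=timezone.utc),
                ("203.0.113.0/24",), ("GB",))]

if __name__ == "__main__":
    t = datetime(2029, 6, 1, tzinfo=timezone.utc)
    print(check_access(GRANTS, "ceo", "board-minutes.docx", "203.0.113.10", "GB", t))
    print(check_access(GRANTS, "ceo", "board-minutes.docx", "198.51.100.7", "GB", t))
```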
How to create an access control policy with Vaultize
Train staff often
No data security and access control program will work if it’s not adopted across the board at your organization. If someone isn’t following the rules, it’s usually because they don’t know them or don’t know how to use tools designed to lower your risk of a breach or leak. The prevalence of Shadow IT at many organizations is usually the result of employees finding security solutions too cumbersome or not understanding data security requirements. Or maybe they don’t know the risks of using consumer-grade platforms like Dropbox, etc.
It's mission-critical that you exhaustively train all staff members on how to use any data security solution you go with. You should also educate them on the potential risks to the company if they don’t follow the rules. Every employee from the intern to the CEO should be able to give a solid demonstration of how to securely store, send and collaborate on protected files.
Vaultize’s single-platform solution is a good fit for almost any organization because it’s designed to behave like native file explorer programs. Using it is as easy as using Windows or MacOS. It’s also designed to minimize impact on common workflows, which helps reduce the likelihood that employees will circumvent it to make their lives easier.
You can read more of Her Majesty’s secret service data security tips here.
Vaultize is an innovative data security company that allows customers to track and control their documents from creation to deletion on any device, anywhere. From CYA to compliance, Vaultize provides data protection without restricting use. Vaultize’s platform utilizes DRM and encryption to secure any and every file, protect those files no matter where they travel, and provide visibility into who is accessing them and how they are being used. The Vaultize platform is nearly transparent to users, scalable and flexible to deploy. For more information, visit www.vaultize.com.