Data leakage poses a serious problem for organizations as the number of incidents and the associated financial loss continue to grow significantly. Over the last few years, companies across industry verticals around the world have experienced their sensitive data being lost, stolen or leaked to the outside world. Many of the high-profile incidents have even caused direct or indirect damage to the tune of millions of dollars, while others have ended up in loss of reputation and brand image.
Some of the incidents were caused by external threats (hackers) while others were caused by internal users. Of those that resulted from internal users or trusted third parties, the vast majority were inadvertent. Unintentional leakage of data by internal users who have access to critical, restricted or confidential information can put companies at huge risk, and could have been avoided if precautions had been taken proactively.
In order to address the accidental data loss events, it is important to consider a comprehensive approach that involves people, processes and technology. In this post we will try to cover technology solutions.
Here are 5 important ways to prevent accidental data leakage to ensure enterprise file security:
1. Implement Endpoint Data Protection (Encryption, Remote Wiping and Endpoint Backup)
End-users can lose their devices and put corporate information at risk. Device loss not only poses a risk of unauthorized access but may also cause complete data loss if the data is not backed up somewhere, creating compliance risks and monetary loss. Policy-based endpoint backup, on-disk encryption and remote wiping are important to address this. With the rise in workforce mobility this risk is increasing, and hence endpoint data protection has transformed from a nice-to-have into an essential requirement of enterprise file security.
2. Avoid Consumer File Sharing and Shadow IT
There are hundreds of cloud-based consumer file sharing solutions available for free today that can potentially create a huge risk to your corporate data because there is no IT control. The control over the information is left to the individual. These types of solutions become the basis for what is called “shadow IT”. When shadow IT exists, people can unknowingly end up using it for sensitive data without the knowledge of IT.
3. Segregate Personal and Corporate Data Through Containerization and Use Mobile Content Management (MCM)
Enterprise mobility management (EMM) is necessary for data protection and control due to the mobile nature of our data and the world we live in. Mobile devices are becoming the primary means through which data is getting lost. A successful bring-your-own-device (BYOD) policy requires a paradigm shift by the enterprise. Once you’re able to accept that enterprise files live in the same space as end users’ personal apps and files, and that devices could get lost or stolen at any time, you start to see the futility in trying to protect the device. Hence, you need to focus on the data instead, and in this approach data containerization and Mobile Content Management solutions can help you:
- Segregate personal data from corporate data
- Keep corporate data protected while it is stored on the device (with the ability to be remotely wiped), and
- Control how the content can be used by the end-user
People share sensitive documents through Microsoft Outlook, FTP, and now through enterprise file sync & share (EFSS). All these methods carry the risk of losing control over shared data. Though your employees are trusted, some sensitive data may get shared accidentally with unintended recipients, with no way to take it back.
So the best bet for you is to complement your file sharing methods with IT-controlled enterprise digital rights management (eDRM, also known as Enterprise Information Rights Management). This way, any information going through authorized channels will be wrapped (DRM-encrypted) with access controls, which can be altered (including revoking access) even after the data has been downloaded by third parties. IT will also have a complete audit trail of the use of shared files.
5. Do Content Classification Through Data Loss Prevention (DLP)
Content-aware DLP is a popular way to identify sensitive data, classify it based on different parameters, and then perform appropriate remediation or enforcement based on that classification. Integrating DRM with content-aware data classification can help you prevent accidental data loss, as it ensures that the information that requires the highest security is always locked down automatically.
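The classification-then-enforcement flow described above, sketched as an added example that is not code from this post or from any DLP or DRM product. The detector patterns, the three labels and the `DRM_POLICY` control names are assumptions chosen for illustration, and the sample documents are constructed.

```python
import re

# Detector patterns are illustrative assumptions; real DLP rule sets are far larger.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
KEYWORD_RE = re.compile(r"\b(?:confidential|internal only|do not distribute)\b", re.I)

# Hypothetical mapping from classification label to DRM controls.
DRM_POLICY = {
    "restricted":   {"encrypt": True,  "external_share": False, "expires_days": 7},
    "confidential": {"encrypt": True,  "external_share": True,  "expires_days": 30},
    "public":       {"encrypt": False, "external_share": True,  "expires_days": None},
}

def luhn_ok(digits):
    """Checksum used by payment cards; filters out random 16-digit numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(text):
    """Return (label, findings) for one document body."""
    cards = [m.group() for m in CARD_RE.finditer(text)
             if luhn_ok(re.sub(r"\D", "", m.group()))]
    findings = {"cards": len(cards), "ssn_like": len(SSN_RE.findall(text)),
                "keywords": len(KEYWORD_RE.findall(text))}
    if findings["cards"] or findings["ssn_like"]:
        label = "restricted"
    elif findings["keywords"]:
        label = "confidential"
    else:
        label = "public"
    return label, findings

def enforce(text):
    """Attach the DRM controls for the label, so lock-down needs no user action."""
    label, findings = classify(text)
    return {"label": label, "findings": findings, "drm": DRM_POLICY[label]}

# Constructed sample documents (test card number, made-up order reference).
SAMPLES = {
    "invoice.txt": "Card: 4111 1111 1111 1111, exp 12/27",
    "shipping.txt": "Order ref 1234 5678 9012 3456 shipped.",
    "roadmap.txt": "Internal only: Q3 roadmap draft",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, enforce(body))
```

The order reference in `shipping.txt` has the shape of a card number but fails the Luhn checksum, so it stays `public` instead of being locked down as a false positive.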
So rather than leaving the security and protection of sensitive business-critical data to employees, it is important for IT to use these preventive methods to ensure that it is effectively protected from any accidental loss.