Securing company files isn’t as easy as locking a door and keeping track of the keys. Hackers and saboteurs craft maliciously ingenious ways to gain access to confidential data, and honest mistakes by end users may undermine even the best data security protocols.
A record-setting number of data breach incidents in 2013 led to more than 800 million records reportedly being accessed without authorization.
In 2014, American home improvement and construction product retailer The Home Depot made headlines when a malicious data breach resulted in the exposure of approximately 56 million customer credit cards and 53 million email addresses.
When data leakage makes headlines, it’s usually because hackers successfully breached security systems. But as attention-grabbing as episodes of malicious data access are, they only account for about a quarter of data breaches, according to a survey of more than 7,000 IT executives and employees in North America and Europe. Most data breaches are far less exciting: accidental loss, unintentional misuse and insider theft are the primary causes of enterprise data leakage, the survey suggests.
So, while securing your enterprise files against malicious attacks is important, it’s by far not the only element worth considering. A data breach caused by simple user error could not only threaten your enterprise, it could also create ethical and regulatory issues.
Consider hospital surgeons who use their personal smartphones to take photos of patients during operations for review later. These good-intentioned surgeons may upload the photos to a consumer-grade file storage systems such as Dropbox, OneDrive or Google Drive for their own reference. However, such services don’t provide the level of file security necessary to ensure that the surgeons are not violating the HIPAA Privacy Rule, which regulates the distribution of information that can be linked to an individual patient’s health status. If this data is leaked, it could result in substantial monetary fines.
Secure enterprise file sharing should frame the existence of IT departments today. You need to have a comprehensive data loss prevention strategy that includes effective policies and procedures as well as user-friendly and adoptable solutions.
The big picture of enterprise file security is not on an end user’s mind. End users care about getting their work done quickly and effectively while making their boss happy; they are bound to try and circumvent cumbersome or complicated enterprise file security procedures.
IT professionals should seek enterprise file sharing solutions that promote file security within a streamlined workflow that doesn’t impede the end user. For instance, email attachments are a perfect way for copies of sensitive files to get shared and potentially fall into the wrong hands. But outlawing attachments or forcing an entire workforce to learn a new way of sharing files is impractical.
Instead, look for an enterprise file sharing solution that easily (and invisibly) embeds itself within an email client such as Outlook and provides secure links to files, replacing traditional attachments without requiring extra work from end users. In such a scenario, these secure links could be monitored by IT teams and audited to see who accessed the files and to view changes made.
The most successful (and job-secure) IT professionals are those who know how to keep their organization’s data safe from both nefarious attacks and basic user errors.