Early in my career, I worked at the National Security Agency, and one of the cool things about it was that no one expected you to take your work home with you. In fact, if you did, you’d be fired at best, and arrested at worst. So the only sensitive information I was privy to that ever left the building was in my head. With sensitive information being the lifeblood of companies everywhere, and with that level of control not being an option for them, the ease with which confidential information can be shared outside the company is a perennial headache for CIOs and others charged with the security of that information.
How to deal with this headache was the topic of my recent email interview with Chanel Chambers, director of product marketing at Citrix Systems, who shared four tips for keeping company information secure when employees leave. The first one is to think in terms of enterprise file sync and share (EFSS) options, not email, when sharing and sending files:
Email has significantly improved the way we work and has enabled us to easily collaborate with colleagues, partners, businesses and more who are rooted in different states, countries, and even continents. While email has become a convenient tool for work, it has its shortcomings, especially when employees leave their organizations. Not only do files and documents become inaccessible or hard to find, employees will often clear their inboxes on their last day. As a result, valuable company data and/or proprietary information is lost.
To combat this problem, it is imperative for companies to put in place strategies for sharing, saving and keeping data secure. By utilizing a company-approved EFSS solution, important documents and information once shared as attachments or in the body of emails don’t leave with the employee. Instead, EFSS gives users true enterprise-class data services across all corporate and personal mobile devices, while maintaining total IT control. Therefore, documents are kept within the company's secure network, which can be easily accessed via the cloud or desktop by those permitted by the administrator.
Now, when IT folks are setting up new employees with relevant documents, these employees will be able to focus on finding new ways to add value, not recreating existing work.
Chambers’s second tip is to employ information rights management (IRM), so that access to files always requires authentication:
When companies are dealing with high-level executives leaving the organization, one fear is the potential of highly confidential information walking away with them. One common strategy is to ask executives to leave the business the day of their resignation. However, this leaves no room for transition, and organizations are again faced with the challenge of losing important proprietary information.
Once a document leaves the protection of their network or cloud storage repository and is sent externally, how do IT managers ensure only the intended recipient can view sensitive files? EFSS solutions with IRM capabilities ensure that organizations retain full control of who is able to access documents and exactly what they can share from these files, even after the file has been downloaded.
Other key features of EFSS solutions with IRM include revoking file access even after the file has been sent, and watermarking the files — it’s both a deterrent and a tracking feature should someone try to cut/paste or print/share. Persistent and granular usage policies mean organizations can automatically control and audit who can use downloaded files, what they can do (edit, screen capture, print, cut/paste), when, and from which device or IP address. Employees who think they can get around this by using copy and paste tactics will be out of luck.
Third, Chambers said, it’s important to integrate data loss prevention (DLP) tools to restrict access and to share based on the content found within a file:
When it comes to confidential information, no one wants anything to slip through the cracks. IT managers can ensure there is no leakage of valuable information from former employees by implementing DLP in their company. DLP enables organizations to adjust the sharing and access privileges based on key terms that are associated with the company's unique NDA documents and files. The DLP scans and their preferences will then allow access based on how strictly IT and executives want to control access.
This is ideal for businesses, especially those in highly regulated industries, that need to be able to control file sharing based on the content inside the files themselves. It allows IT managers to enforce sharing restrictions, per company policies, and to adhere to strict security and compliance regulations and requirements.
Finally, Chambers cited the essential nature of instituting a mobile device management (MDM) mindset:
While most organizations should be embracing BYOD by now, more need to simultaneously embrace MDM. The easiest way for ex-employees to walk away with company data is to take it with them, even unknowingly, on their personal-owned devices that they use for simple tasks such as email and calendaring.
MDM policies give IT teams the ability to wipe the device regardless of its location, and prevent proprietary information from walking out the door.
A contributing writer on IT management and career topics with IT Business Edge since 2009, Don Tennant began his technology journalism career in 1990 in Hong Kong, where he served as editor of the Hong Kong edition of Computerworld. After returning to the U.S. in 2000, he became Editor in Chief of the U.S. edition of Computerworld, and later assumed the editorial directorship of Computerworld and InfoWorld. Don was presented with the 2007 Timothy White Award for Editorial Integrity by American Business Media, and he is a recipient of the Jesse H. Neal National Business Journalism Award for editorial excellence in news coverage. Follow him on Twitter @dontennant.