With an increase in cyber attacks targeting financial data, health care records, HR files, intellectual property and other forms of highly sensitive data, enterprises must evaluate not only what data is at risk, but where data is at risk. The threat perimeter has expanded well beyond the walls of most organizations as more file sharing, mobile devices and cloud technologies are deployed by IT departments.
Knowing where data resides is the first step in securing the enterprise’s new perimeter. However, the battle isn’t won until security controls are in place, regardless of a file’s location.
In this slideshow, Seclore breaks down the top five areas exposing your sensitive data to risk, and provides tips for minimizing security vulnerabilities.
Third-Party Vendors and Outsource Partners
According to PricewaterhouseCoopers, only 32 percent of third-party vendors have security certifications, meaning the remaining 68 percent are being entrusted with data that they have no infrastructure in place to defend. Given the number of companies relying on third-party vendors, either for collaboration or outsourcing, the risk of data loss is significantly increased when files are in the hands of outside agencies. To make matters worse, only one out of three third-party vendor contracts contains security provisions, providing almost no safeguards should data be compromised.
The use of third-party contractors is unlikely to decrease, and it’s possible that their insecure business practices won’t go anywhere either. When choosing a contractor to work with, it’s important that organizations research what security methods are in place to ensure that any data stored by that third-party vendor is secure. As more organizations use security of information as a criterion for who they choose to do business with, more outside agencies will see the need for investments in security solutions.
In the meantime, enterprises should assume all outside vendors are insecure, and take security into their own hands. The best way forward? Look for security controls that travel with the data wherever it may go. Persistent data-centric security solutions ensure defenses are in place regardless of who is currently in possession of the information, allowing IT departments to retain full control of enterprise data even when it leaves the perimeter.
Every minute, 113 cell phones are lost or stolen in the U.S., but only an estimated 46 percent of enterprises require a password for mobile devices, leaving over half of the mobile workforce vulnerable. With mobile devices becoming more popular within enterprises, it’s not surprising that lost devices were responsible for nearly 41 percent of data breaches reported between 2005 and 2015.
The security of smartphones, laptops and tablets is up to both enterprises and their users. If mobile devices are accepted at the workplace, it’s essential for IT departments to require the basics, such as using passwords and collaborating via secure tools. But at the end of the day, human error presents a weak link in the security chain, and administrators need to anticipate security-related incidents, both malicious and accidental. As such, enterprises must require data-level security assurances that go beyond the capabilities of MDM technologies, securing not just the device, but the data itself.
While essential, email can be the silent killer of an organization’s security should the email content and attachments fall into the wrong hands. Consider the fact that once sent, email is copied an average of six times during the collaboration process. Not surprisingly, having too many cooks in the kitchen, or in this case, an email, increases the likelihood that a company’s data is compromised should the wrong person, a criminal or a hacker gain access.
An estimated 88 percent of companies experience some sort of data loss due to emails, underscoring a need for tighter security measures and platforms that ensure emails and documents are shared only with those meant to see them. Additionally, employees must take responsibility for securing their own email files by using enterprise-approved platforms for sharing and collaboration. Even in the case of a “blessed” enterprise file-sharing system, the files themselves need to be persistently protected with digital rights for external collaboration to be fully secure.
Cloud technologies present two fatal flaws for organizations, namely security and compliance issues. As more organizations move assets into the cloud to offset costs and improve collaboration, the risk of a security breach increases.
An estimated 71 percent of IT pros believe that their cloud service providers will not alert them to a data breach that involves customer data. This is problematic for several reasons. First, organizations have a responsibility to alert customers about a data breach if it affects personal data. Second, compliance regulations demand that cloud service providers maintain an environment of security and transparency at all times. Failure to meet regulatory demands can cause significant financial damage in the form of fines and penalties, as well as a tarnished reputation. It’s critical that organizations add persistent data-centric protection to data and files that are shared and stored in the cloud. Do not rely on the cloud service provider to protect your information.
Like it or not, employees are likely to work on and store work-related documents on a personal computer. This naïve behavior can cause considerable damage to an organization if the device is lost or stolen. Likewise, if the employee leaves the company, the sensitive intellectual property and data can easily be shared with the next employer or other unauthorized recipients.
How do you control the use of personal computers for work-related activities? Persistent digital rights management should be applied to all sensitive documents. The newer solutions enable the organization to control not only who can access a file and what that person can do with it, but also which IP address or device can be used to access and work on the file. That puts the organization in complete control of its information.