Historically, the top industries investing in data protection have been health care, financial services and government, and the reasons are clear. These industries manage and exchange endless amounts of (lucrative) personal data — Social Security numbers, health records, bank accounts, etc. — and data protection is a crucial component of maintaining the trust of clients, patients and the public. Because they deal with so much personal data, these industries are also highly regulated. The acronyms HIPAA, GLBA and SEC come to mind.
Without these compliance concerns or regulatory bodies to answer to, companies operating in other industries are often not as aware of the risks associated with sensitive data and are not as motivated to utilize methods of data protection. When given the choice between tools and strategies that lead to growth, or investments in security solutions without a clear ROI, it’s no surprise that companies typically lean toward the former. Even with data breaches dominating news headlines, companies continue to take the “it will never happen to me” approach, believing their sensitive data isn’t worth stealing.
But all companies have sensitive data that is vulnerable to theft, and hackers will continue to explore new ways to profit off of valuable data, as evident by the recent hack of newswire services targeting upcoming earnings releases, mergers and acquisitions news and new product announcements. However, newswires aren’t the only vulnerability for companies. In this slideshow, ZixCorp examines potential trouble areas that are exposing your company’s sensitive data.
Protecting Your Company’s Sensitive Data
Click through for six areas organizations need to consider to ensure their sensitive data is protected, as identfiied by ZixCorp.
The amount of sensitive information sent via email is immense. Financials are sent to auditors, press release drafts are exchanged with outside consultants, personal customer data is shared with business partners. Yet, so few companies put measures in place to protect email. Perhaps because sending email has become second nature, there’s no reason to think that anyone other than the intended recipient is reading it. But if those emails aren’t encrypted, to a hacker they are as easy to read as a postcard going through the mail. (Read: very easy to read.) Modern email encryption solutions don’t need to be cumbersome or difficult to use; many integrate seamlessly without interruptions to day-to-day workflow.
Workers are no longer constrained to the traditional 9-to-5 or limited to the computers and phones on their desks. Smartphones and tablets offer easy access to the office for those on the go. Whether it’s working remotely, traveling for business, commuting on the train or checking in while on vacation, files are opened, documents are downloaded and emails are read on mobile devices. This “INTERNAL ONLY” information is at risk on mobile devices. Additionally, smartphones and tablets are conveniently small and compact, meaning they can be easy to misplace or lose. If you aren’t protecting corporate data accessed on devices, it can be an easy target for thieves. When addressing mobile security, look for a bring your own device (BYOD) solution that keeps data off the device. That way, if the device is lost or stolen, you ensure corporate data is safe from unwanted eyes.
We’ve all experienced it: trying to send a well-crafted email that says, “As you’ll see in the attached,” only to receive a notification that your email attachment’s file size is too big to exchange through the email server. What is an employee to do? A sheet can’t be trimmed off of an Excel document or pieces left out of a critical business presentation, so the employee stores it in an online file sharing service, sends a link and moves on to other business. Unfortunately, the employee doesn’t realize the free, unsecure file-sharing site leaves corporate data at anyone’s disposal. So, make sure you provide approved, secure solutions for your employees, otherwise your employees could be leaving important information exposed.
Encryption isn’t just a good idea when it comes to email; it’s helpful in protecting laptops, USB devices and desktops. Laptops and USB sticks can get lost, and your office’s desktops are at risk if you ever suffer a break-in. But that doesn’t happen anymore, right? Thieves don’t break into offices at night when no one is at work. Wrong! Thieves have many social engineering tools at their disposal to pinpoint when their next break-in will happen. To protect against this, strong passwords and encryption are encouraged to deter would-be thieves from accessing sensitive information.
With the beauty of computers and the Internet, who uses paper anymore? Truthfully, the promise of a paperless office is still a thing of the future. For those in the health care industry, pay extra attention. If you’re transitioning from paper records to digital, invest in shredding for all those paper files you no longer need. The easiest way for someone to steal this information is to take a dive in your company’s dumpster — and it happens more often than you might think.
Many good-hearted employees can make mistakes. And all too often it is human error that leaks some of the most important information. Ever sent an email you immediately regretted? Or realized the wrong Sarah was copied on a thread? Data loss prevention (DLP) can take care of both. DLP solutions can be set up to scan all emails and attachments to ensure that sensitive information isn’t leaving an organization by mistake.