MENU

Avoiding the insider threat of data disclosure

March 20, 2014 • Opinion

The inadvertent disclosure of sensitive data can happen in a flash. Whether it is an employee posting to a micro-blogging site, or carrying documents containing confidential information in plain sight of anyone who walks past, these disclosures can be devastating to both a company’s bank account and its reputation.

Simon Campbell-Young, CEO of Phoenix Distribution. (Image source: Phoenix Distribution)

Simon Campbell-Young, CEO of Phoenix Distribution. (Image source: Phoenix Distribution)

Business across all industries and of all sizes must be mindful of the need to avoid inadvertent disclosure of their sensitive information or intellectual property, says Simon Campbell-Young, CEO of Phoenix Distribution. “The ways in which data can be disclosed are influenced by both online and offline activity. For example, as social networking becomes more and more pervasive, the lines between work and home are fuzzing.”

He says companies must be cognisant of the fact that information posted on social media sites is harvested by organisations and sold for marketing and other purposes. “These sites are under no obligation to protect information on companies that is posted by their employees. In this way, a business’ data could be at risk, if posted on a site that is not in the business’ control. Companies should ensure they have a policy in place to prevent their data from being posted on any third party Web site, unless specifically allowed. Similarly, policies governing the use of social media among staff should be in place.”

Another issue, he says, is the opening of documents in third-party applications. “Sharing data with applications such as Facebook, Twitter and Dropbox, can pose some serious risks. Staff may be cautious when forwarding an email, but they are less likely to consider the ‘Open In’ function, and might well be unconsciously leaking information. Remember, that today’s workers are more likely than not to be using their personal devices – smartphones, tablets, laptops – as work machines, and while BYOD definitely boosts productivity, opening sensitive data in apps that aren’t controlled by the business is a risk.”

Similarly, he says using file transfer apps can also be dangerous, but when sending really large files, using these as a shortcut that bypasses policy can be tempting.

In terms of e-mail, Campbell-Young says businesses should educate their staff on how best to secure any company e-mail. “Policies that forbid the forwarding of proprietary company data to personal e-mail accounts should be in place. Regardless of whether the intention is to work from home, it is important to remember that it not the responsibility of e-mail providers to protect confidential information at the level that a business may protect its information.”

In addition, most employees think it isn’t a problem to transfer work documents to personal computers, tablets or smartphones. “While this isn’t necessarily a danger per se, most of these files are not deleted, as employees don’t consider how keeping these files may be dangerous. USB thumb drives, smartphones and tablets – all of these can easily be lost or stolen, or just left lying around containing an organisation’s private and sensitive data.”

“Your information is already out there, and cyber crooks have it in their sights. If you’re lucky, they’ll only access the most harmless stuff, but too often this is not the case. It’s hardly news that we live in a world controlled by cyber crooks, who are cunning and sophisticated, and are already breaking into every valuable store of information they can find. Our only hope is to make this as difficult as possible, and certainly not help them through our own carelessness,” Campbell-Young concludes.

Staff writer

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

« »