Data breach headlines are almost becoming a cliché. Not a week goes by when I don’t read about people stealing information from a company or someone losing a confidential document. Just this week 435 credit card numbers and 1,175 social security numbers at the University of Maine and 1,007 online store transactions at the University of Arkansas computer store were compromised by hackers. This may not be as large as the 280,000 social security numbers stolen from the Utah Department of Health in April 2012, but it’s a big deal to those people affected.
The cases above were deliberate acts, but sometimes a data breach is unintentional. It could be as simple as an employee forgetting they had confidential documents on a USB flash drive and misplacing it. Or maybe someone accidentally emailed an HR spreadsheet with employees’ personal information to a friend. We all love email look-ahead, but sometimes it can bite you.
This past week an internal memo from Kodak found its way into a newspaper. The leaked memo was from Kodak co-President Philip Faraci talking about the company’s success at the Drupa print media fair in Germany. In the memo, Faraci said:
“Visitors are not just coming to see what we have to offer, they are coming to buy. By day two, we were at 30 percent of our Drupa sales goal — and by day four, we had reached more than 60 percent.”
The official response from Kodak says they do not release trade show financial performance. A nice way of trying to cover up the fact that something internal became public. Kodak is having enough problems without bad press dogging them.
This may not be a big deal for Kodak, but it’s definitely embarrassing. On the other hand, this may cause them legal and financial trouble. Kodak is a public company and as such must meet strict rules for financial disclosure. Clearly this gives the general public an idea of internal financial information. They may be violating laws or just showing they can’t keep track of internal information. Not the best show of controls needed to comply with Sarbanes-Oxley and other legislation.
Most of us worry about hackers stealing our information, but you also need to worry about employees and contractors accidentally giving information to the wrong people. The leaked Kodak memo is just one example of an insider deliberately or accidentally causing problems. Either way, you still have the same consequences.
How many people have access to very sensitive documents inside your organization? You constantly hear about new product designs getting leaked onto the internet. RIM’s devices have been leaked for months, but this may be a deliberate attempt to show the market it’s still viable. But it may not be, and it could cause a lot of problems.
Just prior to HP announcing its quarterly earnings in May 2011, 3 memos from HP’s CEO were leaked that painted a very bleak picture for the company. The memos warned of upcoming cost-cutting measures that pointed to a rough few quarters ahead. As a result, HP’s stock lost $4 billion. That’s quite an oops.
And think about all the documents that are floating around on Dropbox, Apple iCloud, Box, Microsoft SkyDrive, Google GDrive and a hundred other file sharing services. If one gets into the wrong hands, your business could have a lot of problems.
One way to solve this problem is to encrypt your documents with a persistent security policy that controls access to them. Having the ability to dynamically change access permissions is critical in these cases. If an organization realizes a document got into the wrong hands, a quick click of the mouse changes the policy on the fly. Since the encrypted file checks the user’s access rights and permissions every time someone tries to open it, you can immediately prevent leaked information from going anywhere. Sure, I might have the document, but I can’t read anything inside. That makes it useless.
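A minimal sketch of that check-on-every-open model, added here as an illustration and not taken from any product: `PolicyServer`, `protect` and `open_document` are hypothetical names, the memo is constructed sample data, and the SHAKE-256 keystream with an HMAC tag is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib, hmac, secrets

def _xor_stream(key, nonce, data):  # stdlib stand-in for a real AEAD such as AES-GCM
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(key, blob):
    msg = blob["doc_id"].encode() + blob["nonce"] + blob["ct"]
    return hmac.new(key, msg, hashlib.sha256).digest()

class PolicyServer:  # hypothetical policy service: holds document keys and access lists
    def __init__(self):
        self._keys, self._acl = {}, {}

    def register(self, allowed):
        doc_id, key = secrets.token_hex(8), secrets.token_bytes(32)
        self._keys[doc_id], self._acl[doc_id] = key, set(allowed)
        return doc_id, key

    def set_policy(self, doc_id, allowed):
        self._acl[doc_id] = set(allowed)  # takes effect on the next open

    def request_key(self, doc_id, user):
        if user not in self._acl.get(doc_id, set()):
            raise PermissionError(f"{user} may not open {doc_id}")
        return self._keys[doc_id]

def protect(server, plaintext, allowed):
    doc_id, key = server.register(allowed)
    nonce = secrets.token_bytes(16)
    blob = {"doc_id": doc_id, "nonce": nonce, "ct": _xor_stream(key, nonce, plaintext)}
    blob["tag"] = _tag(key, blob)
    return blob

def open_document(server, blob, user):
    key = server.request_key(blob["doc_id"], user)  # asked on every open, never cached
    if not hmac.compare_digest(_tag(key, blob), blob["tag"]):
        raise ValueError("document was modified")
    return _xor_stream(key, blob["nonce"], blob["ct"])

def demo():
    server = PolicyServer()
    blob = protect(server, b"constructed sample memo", {"alice", "bob"})
    before = open_document(server, blob, "bob")    # bob is on the policy
    server.set_policy(blob["doc_id"], {"alice"})   # memo leaked: revoke bob
    try:
        open_document(server, blob, "bob")         # same file copy as before
    except PermissionError as exc:
        return before, str(exc)
    return before, None
```

Revocation only blocks future opens: anything a user already decrypted and copied elsewhere is outside the policy, which is why real products pair this with a viewer that does not hand out the key or plaintext.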
Kodak may have been able to enjoy the success it’s having at Drupa this year calmly, but instead it needs to worry about bad press. Whoever said all press is good press never had to deal with the fallout of a leaked document.
Photo credit roy costello