It’s December, and we are thinking there can’t be any more insider threats this year, right? Wrong. In the past two weeks, we’ve seen an ex-employee charged with accessing a boss’s emails, a laptop with patient health information (PHI) stolen from an employee’s car, a former family center employee who accessed a database of personally identifiable information (PII), and lastly an examiner for a national association who lost a flash drive containing PII of members of a $13 million federal credit union during a recent exam.
Just from this list, which contains only insider data breaches from one week in December, we can definitely say that these organizations were not prepared for insider threats. Some may ask how we can prepare for these kinds of threats. After breaches like these, some strategies have focused on planning how and when customers will be notified. Others have assumed that their security policies and procedures were sufficient. However, as we constantly say, protecting the data itself is what prevents these kinds of data breaches from happening.
The reason is that we have to assume that, no matter what happens, files containing these kinds of data will be stolen, whether the insider acts maliciously or by accident (loss or theft). Even after a file has been stolen, however, it is important not to allow unauthorized access to the data inside it. This is where a data-centric solution such as digital rights management comes in. The ability to set permissions for what each user can do, or to revoke access completely after realizing that files have been stolen or lost, is a function that everyone mentioned above would have wished they had.
However, can we blame them for not thinking that this kind of data breach would happen to them? This year, as in recent years, the answer is now: absolutely! Every organization must be prepared, especially now, with warnings from the FBI and the Department of Homeland Security and the possibility of substantial fines from federal government organizations such as the FCC, as well as from state-level organizations.
Remember, based on the headlines we now see on a weekly basis, everyone must be prepared for these kinds of data breaches, including those that come from inside our organizations.
Photo Credit: thinkboyfatter