As we have progressed to a near full digital work environment through advancements in technology, today’s business documents are portable, easy to copy and more prone to employee data theft and data breaches. Gone are the days when businesses locked sensitive paper data in file cabinets.
Today a significant portion of highly sensitive data is stored electronically. Highly confidential information is now saved in multiple locations beyond the employer’s control and on devices unknown to the employer by the authorized users of the business. While employers claim to have identified and secured the crown jewels related to their core business, the reality is far from it as many companies are still struggling with governance of their most sensitive business information.
Employees often take sensitive files and data outside the perimeter despite knowing that their employer does not permit them to take internal company information. Such information includes e-mails, customer contact lists, employee records, financial information, company history, trade secrets and intellectual property like formulas, engineering drawings and strategic plans.
The reasons an employee takes confidential company information vary from being benign and misguided to intentional for the purposes of personal gain. Regardless of the reason, the ramifications of a data breach are significant and businesses must take measures to persistently secure their most sensitive documents.
Often people seem to feel entitled to information they create on the job. A persistent data-centric security approach would ensure that companies maintain access control to the data, control how an authorized person can use it and continually monitor and govern that usage. An employer can implement policies to define which authorized users can view, share, modify, copy, print or screen capture sensitive information.
An increase in mobility in the workforce means employees work from remote locations and on home computers. Employers can define and enforce usage policies through the use of data-centric security regardless of location or devices to ensure that the concept of who controls sensitive data is very clear to the people accessing this information. They can allow access on specific devices or revoke use of a document by a specific user or expire a document after a certain time.
Technology advancements afford a variety of methods for an employee to take data electronically from a company. Studies indicate that employees take sensitive data by printing paper documents or copying files to hard drives, downloading information onto a CD or a USB memory stick, or even doing screen captures.
Persistent data-centric security can ensure that employers can secure sensitive data and control usage regardless of what method is used for data theft. Even copying of sensitive data from files or attempts to steal data by converting the file to a different format can be prevented since persistent data-centric security ensures that security policies applied on a document can be forced onto all derivatives of the original.
In coming weeks, we will examine various ways that are used by employees for data theft and how you can thwart these attempts.