2013 may have been the year that organizations started changing their security focus from outsiders to insiders. Most of the well-publicized data breaches involved outside hackers, until Mr. Edward Snowden made his revelations about the National Security Agency’s (NSA) spy programs. All of a sudden, everyone is worried that a disgruntled employee or other person with malicious intent could cause havoc.
The malicious insider remains a serious threat, but will become more visible in 2014. Part of this is an increased awareness by companies of the threat. Another reason is that the US federal government and state legislatures are strengthening data breach laws and their enforcement mechanisms. It can still be very difficult to detect and prevent insider attacks, especially when people need to legitimately share sensitive data inside the organization and with business partners and customers.
The less visible insider threat is an employee just doing their job and unintentionally causing a data breach. BYOD programs and file sharing services like Dropbox make it harder to keep corporate data under corporate control. There are also situations where someone accidentally sends an email attachment to the wrong person or misplaces a USB flash drive with a sensitive document. Convenience frequently trumps security.
Less obvious insiders are contractors, vendors, and other business associates. Organizations bring these people into their inner circle of trust, but they are harder to police, since they are not subject to your corporate controls. You have to be aware of their practices to secure your important information. Recent changes in HIPAA and other laws make you responsible for any breaches throughout your data supply chain. With many organizations using outsourced services, understanding how those partners secure your data will become critical in 2014.
Data encryption and a complete audit trail of access are the only viable ways to protect your data. By using Fasoo to encrypt documents at the point of creation and controlling access throughout the document’s life, you can guarantee a secure data supply chain.