If you rewind the clock back 50 years, the rich were those who had a big bankroll in their pocket. This was before most of us had credit cards. Debit cards were a nice idea and the concept of PayPal was a pipe dream. Fast forward to 2013 and we all know that money is still power, but getting your hands on sensitive data seems to be the way to riches.
Of course stealing secrets is nothing new. The Romans were some of the first to invent rudimentary forms of encryption to send battle plans safely between troops. If you are a spy fan, everything from James Bond, to Get Smart, to the latest television show The Americans, shows how important stealing secrets can be.
The big problem today is how easy it is to steal sensitive data. There are usually 3 ways this can happen.
- A hacker gets into an unpatched or easily compromised system.
- A trusted insider deliberately takes information.
- An insider accidentally takes or loses information.
Most organizations focus on the first one, since it gets the most headlines. Many of the big data breach stories are about groups like Anonymous or some organized crime syndicate hacking into a big company. While thwarting this type of attack is important, it does not solve the problem. Ironically, most of these hacked systems were either unpatched servers or they used rudimentary or nonexistent security; many were using default passwords.
The second and third items are harder to control. Large companies may have an army of IT people to monitor and manage insider data loss. Most small companies seldom have the tools in place to mitigate this very serious threat. Without the proper security systems in place, a disgruntled employee can walk away with your entire client database, product patents, financials and other confidential information on a CD, DVD, or USB drive. It’s even worse if someone loses it accidentally.
As more businesses move to the cloud, the problem increases as the traditional file server, which managed access rights and audit logs, is replaced by a shared cloud storage service. As more information moves through Dropbox, iCloud, Box, Google Drive and other systems, it becomes more susceptible to loss.
Encrypting files as they are created is the best way to ensure that no one steals sensitive data. Using DigitalQuick is a great way to quickly encrypt any file in Dropbox. Applying persistent security to any file you create on your desktop or download from a document repository ensures that you control who can access the file. It’s not good enough to just encrypt the file while it sits on a hard drive. You also need to keep the encryption in tact when someone uses it. If you have to decrypt the file to use it, then you have lost the value of encryption.
Stealing secrets is easy in today’s interconnected world, but it doesn’t have to be. I remember a line from the movie Sneakers, where the bad guy says the world today is run with 1s and 0s. Make sure hackers and other criminals can’t turn your 1s and 0s into dollars and cents (or pick your favorite currency).
Photo credit Fort Meade
