
Can You Stop Former Employees Taking Your Data?

It’s a good question and one that many organizations don’t think about thoroughly.  You take a lot of time onboarding an employee by doing background checks, checking references, and determining what information systems and data access the person needs to do her or his job.  You may have a comprehensive provisioning system that grants access to all applications and data.

But how about when someone leaves?  It’s great that you de-provision access the INSTANT someone becomes a former employee, but how do you protect the confidential data she or he may have been taking out each night for the last few weeks?  Organizations spend a lot of money guarding against cyberattacks from hackers and other external people, but many don’t do enough to protect their data from the threat posed by former employees.

While working as employees or contractors, many people create and use a lot of documents that contain intellectual property, financial data, and employee and customer information.  Given the nature of work today, these documents are stored on laptops, mobile devices, in cloud services, and all over your organization.  In fact, 70 percent of organizations do not know the location of confidential information, according to a study by the Ponemon Institute entitled “Risky Business: How Company Insiders Put High Value Information at Risk”.

A recent survey by OneLogin found that 47 percent of organizations admit that one in every 10 data breaches was tied directly to former employees.  We don’t want to stop employees from working where they want and when they want, but it’s important to control access to the documents they use, regardless of location.

The best way to control access to documents is to encrypt them and apply permission controls that limit what an authorized user can do with the document.  This applies to documents created at the desktop, reports run from databases and documents downloaded from information systems and document repositories.  The controls are persistent and even apply to all derivatives of the documents, so no matter how many copies are out there, they are controlled and managed.

When an employee leaves the organization, you only need to remove their access in one place and all sensitive documents are inaccessible.  That person now becomes an unauthorized user.  It doesn’t matter if the document is in a cloud service, on their home PC, in email or on a thumb drive.  You don’t have to go looking for them, because once you de-provision the employee, their access is gone for all documents.  If they try to open them, they see a bunch of random characters.

While controlling system access is important, controlling access to the documents that contain your sensitive data is more important.  Applying controls on the documents themselves ensures you can turn off that access with a click of a mouse the moment an employee becomes a former employee.




Fix a broken chain of custody of your confidential data

Companies share a lot of confidential data with third parties.  Who is responsible for keeping that data secure?  Is it the originating company or the third party?  Or both?

This week American Express sent letters to card holders about a possible data breach.  According to reports, “an unauthorized person or group accessed the system of a third-party service provider prompting American Express to warn customers that card member information may have been compromised.” The company said, “It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure.”  So is American Express to blame for this incident or is the service provider to blame?

This breach is another example of a broken chain of custody with confidential data.  American Express may have strong protections for its confidential data, but when it relinquishes control to another party that has weak controls, hackers know how to exploit the situation.  This is the same issue I talked about last year on the weakest link in the supply chain.

Think about the vulnerability of your data within your supply chain.  You may have the best security that money can buy, but once your data leaves the confines of your environment, it is out of your control.  You have to rely on the security systems of your partners to protect your information.  Unless you’ve done a security audit on those partners and are satisfied they will maintain your confidential data safely, you are vulnerable.  Hackers prefer to target the weakest link in the chain, and they know that the smaller providers serving large companies are easier targets.

This is where persistent security comes into play.  If you have strong encryption and permission controls on your confidential data, you can limit access to it regardless of where it is.  One of our customers uses our applications to exchange PCI data with a third party.  The file can only be accessed a limited number of times on specific computers.  After that, the file is useless.  If someone steals the file, they can’t read the data inside.  The result is no data breach.

Ultimately American Express is responsible for its card holders’ data, regardless of where it is.  You can best protect your confidential data throughout your supply chain by encrypting it and controlling its access at all times.  That’s better than welding your broken chain.

