Blog

Tag: employee data theft

Protect Against R&D Data TheftRecently I was in a meeting with a global pharmaceutical client in New Jersey who told me of the importance they place on their highly secure, centrally managed and monitored persistent security platform to protect against data theft and ensure that their valuable R&D information cannot be lost or inadvertently sent to a competitor.

As the meeting ended, I was informed of the news about the charges brought against five people in the Untied States around trade secret theft inside another global pharmaceutical company. Allegedly a senior level manager at the company was involved in this theft.

Given the global state of business competition, there is a special appeal to the cyber thugs with high-priced or high-demand items. There is an alarming interest in stealing intellectual property, trade secrets and exactly how these items are produced.

A recent Verizon Data Breach Report 2015 identified Manufacturing as the most commonly attacked industry sector for cyber espionage.

Another recent worldwide study by consulting firm PwC and CIO and CSO magazines, “The Global State of Information Security Survey 2016”, provides some alarming indicators of the security threat landscape:

  • Theft of “hard” intellectual property increased 56% in 2015
  • Employees remain the most cited source of compromise
  • Incidents attributed to partners climbed 22%

It is time that organizations with high value data shift their security focus from the perimeter to insider threats to lock down R&D data, intellectual property and trade secrets. Today technology advancements afford a variety of methods for an employee, contractor or a partner to take critical data electronically from an organization. There are many ways for a trusted insider to steal or inadvertently share sensitive data – printing paper documents, copying files to hard drives, downloading information onto a CD or a USB memory stick, and screen captures are a few such methods as examples.

When we add mobility adoption in the workforce and how this adds to the complexity of securing high value data, this task seems almost insurmountable. Targeting and protecting critical value data ensures that a company maintains its intellectual property, R&D work and its competitive edge in the market.

Protecting this data need not be such a daunting task. A data-centric persistent security approach can effectively help you protect and lock down your data.

Use persistent data security to prevent data theft in a mobile worldGone are the days when everyone came into the office everyday for work.  Changes in work habits have brought substantial growth in mobility adoption within the workforce and security challenges have followed.

Today’s employees increasingly work from outside the office and they use a number of mobile (often personal) devices to complete their daily business tasks.  Gallup’s Work and Education Poll from August 2015 points out that telecommuting for work has climbed up to 37 percent in the United States.

A June 2014 survey by Gartner points out that approximately 40 percent of U.S. consumers who work for large organizations said they use their personally owned smartphone, tablet, desktop or laptop daily for some form of work.  Mingling business and personal data can and does cause major security problems, since all of us may inadvertently share sensitive company information with the wrong person.

Employers need control and visibility to data security now, more than ever before, beyond what traditional solutions offer. In order to protect sensitive data, employers are looking to persistent data-centric security to tether their sensitive data all the time and anywhere.

Employers thinking about implementing a persistent data security approach to deal with today’s mobility challenges may want to consider the following key points:

  • Sensitive data must be protected at the point of origin and through its life-cycle
    Highly sensitive data critical to core business functions must be protected at the source and not at the perimeter. Companies must protect data while in use whether someone is creating it or accessing it from file shares or repositories  Controlling the life span of sensitive information, including disabling access dynamically is key to protecting it on mobile devices and cloud repositories.
  • Encryption alone is not sufficient
    Protection of confidential, private or highly sensitive information should combine encryption with persistent usage policies to ensure that businesses control under what conditions a user can have access and what an authorized user can do with this information once access is granted.
  • Sensitive data will be localized at places you don’t know, control or trust
    In the daily course of business, whether through user error, complacency or malicious activity, companies lose control of sensitive data. Because the places data goes may be untrusted, one cannot rely on the security of the network, device or application to protect that data. Data must be protected all the time regardless of location or devices.
  • You need visibility into who accesses the protected data, when, and how many times
    Detailed visibility ensures auditability and insight into usage patterns and potential issues, which in turn significantly improves control.

 

Since we live in a mobile and digital work environment, organizations must secure business documents that are portable, easy to copy and more prone to data breaches. Although many organizations have made large investments in perimeter based security, they are still getting breached. Insider threats and employee data theft are a top concern to every business as this type of breach, which often are the most damaging, can mean the end of business.

You can continue putting all of your resources into perimeter based security or you can look to persistent data-centric security for your data protection – all the time and anywhere.

Categories
fasoo_logo
Contact Us
Your data security journey starts from here!
See how Fasoo can help your data privacy and security.