Ron Arden, Executive Vice President and COO of Fasoo, Inc., recently drafted a byline for InfoSec Island that highlights the risks employees pose in their most natural environment – the office – through collaboration with their co-workers. Email, instant messages, file transfers, and digital downloads can all expose vulnerabilities to an organization’s high-value data yet in an office environment these tasks are constantly happening. These behaviors can put sensitive data at risk.
Some organizations may become distracted, always trying to defend themselves against the “bad guys,” and forget to keep an eye on their own flock. Executive leadership should ask themselves: do our employees access files containing high-value information? If so, how often and what are they doing with these files? Should they even be allowed to access the files in the first place?
Our recent Ponemon study, “Risky Business: How Company Insiders Put High Value Information at Risk,” found that careless employees are the primary cause of data breaches (56%). That being said, there are steps every organization can take to minimize risk.
Employees that are educated about access levels, the importance of the data they use, and protocols on how to handle the data are less likely to inadvertently send a file that is unsecured or sent it to a contact who should not have access. Consistent reminders of these protocols is also key to maintain a high level of security. Where education may fall short, data security frameworks close the gap. These frameworks can show organizations where their data is held, control access permissions and monitor the authorized users.
The Fasoo Data Security Framework helps address the need to find sensitive, high-value data and manage it so that only authorized people can access it. Controlling this information at all times is a critical business requirement, since companies of all sizes and in all industries create and are care takers of intellectual property and sensitive customer information. You should think of treating this high-value data the way a bank teats currency. You need to know where it is at all times and who has access to it.
A combination of employee education, with the confidence of the data security framework safety net, will ensure that trade secrets, customer data, product designs and any confidential information remains that way.