The biggest threat is on the INSIDE
10 years ago you would have had a good chance of catching your employee walking out the door with a batch of files. Today all a person needs to put your entire organization at stake is an inexpensive thumb drive which will allow them to steal and expose a pretty significant amount of your organizations data – if not all of it – because everything is stored, archived and managed electronically, most of the time for convenience sake. This also makes it convenient for thieves.
Increasing the risk is that you are hardly able to buy computers without USB ports anymore, yet you can deactivate them by using software, minimizing the first and most obvious risk.
However, first thing’s first and the most obvious thing is that most organizations grant their employees free access to all of their files.
This risk can be reduced by deploying an MLSEC, or multi level security guideline giving them access to the files they need to work with and only allowing them access to these files for the duration they actually need them. You may have heard the data classification terms Top Secret, Secret, and “need to know” basis before in movies. This is exactly what is being described therein.
One measure which is more of a deterrent than an actual preemptive measure is logging file access, meaning that each and every file access is logged to their ID including time, date and what they did with it. True, this will not keep them from taking the files but presents a barrier for some to breach knowing that they’re being scrutinized.
These – and other, more individual measures – were implemented by me in a large, US based law firm upon one employee taking important case files with them.
More info on the whole topic and how it can help your organization is available upon personal request.
Related posts:
