One of the major problems in the digital age is the transportability of data. Even large quantities of files and papers can be moved on a device smaller than a coin. Therefore, removable media control is one of the essential things to include into your cyber security risk assessment.
One of the countermeasures was the tendency of endpoint security; meaning, that computers and servers were locked down in such a way that files cannot be copied to mobile devices and taking out of the office.
Approximately 10 years Ago I served on a project in which the lack of endpoint security lead to significant damage of the company. The client was a large law firm with the global footprint, and had repeatedly become victims of extortion of employees who were pressed into retreating sensitive data from the organization’s systems.
What we ended up doing was not only implementing an end point security scheme but went one step further and made the general moving files much more difficult, without limiting business operations.
Our solution was to make files available on The company server without making them copyable by any element. Obviously, 100% security could never be guaranteed but the point of the operation was that the possibilities of extracting a file in sensitive information from the corporate server was much more difficult.
Specifically this meant that files which were shared with employees are third-party assets were opened in a browser and could only be sent via link. The link within open the file for review, but classified files could not be downloaded, copied, or otherwise removed from the system.
While this didn’t entirely solve the problem, it took the edge off, and made it possible for the technical personnel to sleep a bit more comfortably.