Recently with the details being released on retail data breaches, celebrity photo leaks through the cloud and consumer file sharing sites being a target for cybercriminals, a spotlight has now been shined on IT security and more significantly how data is safety transferred. For enterprises, these security events bring about the question, ‘could cybercriminals access my business data through these common tools?’
Most employees who use consumer file sharing applications in the enterprise, like iCloud or Dropbox, choose to use them because of their convenience. Personal email, consumer file-sharing sites, remote storage devices and cloud-storage services, all present unique and significant security and compliance risks to organisations. And all too often the user fails to use them safely or they are simply unaware of the potential security risks. Consequently, businesses need to take precautions and mitigate these threats, which until recently, have often been ignored.
Govern and educate
One of the simplest ways employers can reduce threats is to introduce governance to keep data within the enterprise IT environment. In light of recent data breaches and thefts, the most basic way to stop your data from being in jeopardy is to restrict employees from using consumer-grade file sharing systems. A Globalscape survey found that a staggering 45%of employees openly admit to using consumer-grade file sharing solutions to share confidential corporate information, yet they are simply unaware of the risk of engaging in that behaviour.
Implementing a number of rules prohibiting the departure of business data by unapproved means will undoubtedly increase security. Additionally, data stored within an enterprise IT infrastructure is able to be monitored and managed by the internal IT team. It is imperative to teach employees that, when files leave the safety of a business’ managed infrastructure they are very difficult to track. If that data lands in the wrong hands IT teams are left unable to do anything about it.
Implementing rules is good in theory, but without providing employees with the tools to obey them there is a risk that employees will go back to using the unsafe tools that they are comfortable with, such as consumer file sharing systems or unencrypted USBs.
By simply providing employee-friendly technology that works the way they are used to, such as an easy to use managed file transfer system or encrypted USBs, the company will empower employees to use alternative means to transferring files and remain in compliance with company governance.
The growth of the mobile workforce and the importance of flexible working to many have meant that more and more people are working remotely, however that should not limit the IT teams ability to govern. Enterprise-grade Managed File Transfer solutions provide the IT department with full access to the whole file system which will deepen visibility into what is being accessed and removed, and more importantly by whom.
Deep level visibility will also allow IT departments to restrict access to certain datasets. For example, a particularly sensitive piece of information should not be allowed to be copied or removed from the system by members of staff.
Ensuring IT security for any business is an ongoing process. It is unfortunate that it takes a data breach as large as the celebrity iCloud incident to spark businesses into action. As new tools and software are introduced to the workforce, organisations need to be aware of the potential security risks. IT teams also need to work together with employees when choosing new technologies, this will help to ensure that the employees utilise the proper technology and it will also ensure that the data and proprietary enterprise information is secure.
Some companies have already put data transfer governance in place and are investing in managed file transfer systems, which is a great first step; however, this must be accompanied by employee education and empowerment. Providing an environment where safe file sharing is an essential best practice is relatively simple through ongoing education and top-down leadership. Ultimately it will pay significant dividends for the safety and security of enterprise data.
Sourced from James Bindseil, CEO of Globalscape