It’s 11:00 PM…Do You Know Where Your Data Is?
Not Where You Think It Is…
Think back to when you were new to the job and willing to work your butt off to make a name for yourself. Putting in long hours was the norm. Taking your work home used to involve throwing some disks in a briefcase and bringing them back in the morning. In 2017 that same young gun simply creates a personal Dropbox account and copies the data to the cloud. With the best of intentions, your proprietary information has just been jeopardized.
In another example, one of your team members shares some confidential files with a strategic business partner using a cloud sharing solution. It’s easy to email a link to the folder, so they select the necessary users and send them an email. But who received the email, and was it forwarded? Who knows?
Your employees aren’t deliberately attempting to endanger your data, but without proper education on how and when to share files, convenience and ignorance trump security.
Most companies provide a new hire with a place to sit, a PC and a handful of company applications necessary to do their job, but forget the most important component: the basics of data security. Breaking that trend is easy, but it requires a consistent message to your entire team. Yes, Mr./Mrs. CEO, that includes you too.
Lowering the Risk
Sharing data and having access to files from a remote location is absolutely necessary in today’s environment. I’m going to talk about several ways you can develop a consistent message for your employees to minimize the risks associated with these services and also how to fortify your network to prevent unnecessary risks.
First, the merits of strong passwords have been over-discussed. We all know the reasons; the problem is remembering all of those passwords. Users pick something trivial (according to SplashData, the most commonly used passwords in 2016 were 123456 and password), or they give up and use the same password for all applications and services. Sure, this simplifies things, but if just one of those sites or services gets hacked, ALL of your accounts are jeopardized.
One way to eliminate this issue is to implement a Single Sign-On (SSO) solution. SSO solutions allow a user to provide a single user name and password; the solution then forwards their credentials to the necessary services. Since your users now have only one password to remember, it can be EXTRA strong!
Second, discourage users from sharing credentials. In a recent survey, nearly 50% of users reported sharing credentials with coworkers. Implement the controls and processes necessary to ensure each user has a separate and secure account.
Finally, when using any file sharing application, implement multi-factor authentication. Multi-factor authentication is supported by all of the major cloud storage solutions: Google Drive, Dropbox, Office 365. Using multi-factor is simple: merely register your cell phone with the service provider, and each time you log in they send you a confirmation code via text messaging. This makes your account virtually bulletproof.
Education is Critical
Most importantly, educate users on the risks of installing web applications on their workstations without consulting IT. Many users are glued to their PC for eight hours a day, so they begin to think of their PC as actually being their own personal device. With the best of intentions, they install an app or web-based service to make the day go by a little faster. Unfortunately, these applications and services put the company at risk.
Consider an ongoing security training regimen for your company. We have been providing a web-based training program that is very cost-effective. The consistent reminder that security is paramount is absolutely necessary these days. Data security seems like a hardware or software issue, but it’s not. Practicing data security is an end-user skill that we have to continue to develop and improve.