Minimizing Insider Threats: The Unwitting Disclosure

Posted by Amanuel Tsighe on Oct 22, 2013 2:46:00 PM

In our last post, Minimizing Insider Threats: The Rogue Employee, we looked at how organizations can implement effective security measures to thwart a determined effort to leak private information. But insider threats are not limited to employee sabotage. With the accidental click of a button, a well-intentioned employee can cause a disaster of rogue-employee proportions. One may argue that there’s a fine line between deliberate data loss and unintentional data loss. Even if we’re all prone to making mistakes, isn’t it the responsibility of IT administrators to prevent an accidental leak of data that easily could have been prevented with the proper safeguards? 

describe the imageAccidental data loss has the potential to divulge trade secrets and intellectual property, strain client relationships, and ultimately compromise your revenue. So what’s a CIO to do? To minimize the risk of an unwitting disclosure, let’s identify and remedy four common threats:  

1.  Outgoing Email With Wrong Recipient – Encrypt, encrypt, encrypt. Last September we witnessed the calamity an accidental data loss can bring when the Georgia Department of Labor accidentally emailed the Social Security numbers of more than 4,000 individuals. Labor officials later requested the 1,000 email recipients “please delete the email and attachment immediately.” It can happen to the best of us. Implementing a DRM solution, like FileOpen RightsManager, assures that only authorized users can view a document. FileOpen's RightsManager is closely integrated with Microsoft Outlook so you can email documents securely and know they can't be forwarded or shared. Store your sensitive information in secure documents in lieu of email bodies and spare yourself the “please delete” email.

2.  BYOC (Bring your own cloud) – Share files securely. According to a new survey from Usamp, 41% of employees admit to using unsanctioned services like Dropbox, Box and Google Docs on mobile devices to share files. The estimated annual cost to remedy the data loss is about $1.8 billion. Once documents are encrypted, prevent or circumscribe document sharing with permission policies that preclude forwarding, expire access, and monitor document access. Need to remotely access documents outside of the LAN? With a secure file hosting service like FileOpen Viewer, you can still use Dropbox and Box to host your documents, but be certain that only users you specify can view them.

3.  Unfettered document access – Control printing and enforce a machine limit. As discussed in our first installment of Minimizing Insider Threats, enforcing a “need to know” policy is imperative in preventing an internal data breach. Once employees are limited to the least number of documents required to do their job, enforce a “need to print” policy. Printing sensitive documents opens a world of vulnerabilities, since unauthorized copies can’t be tracked. Minimize these threats by controlling who can print which documents, and how many times - if any at all. Applying watermarks can ensure the traceability of sensitive documents by overlaying key metadata, such as the username, date, time, and location of printing, to any printed copies. Also, on how many machines does employee X need to access document Y? Her office workstation only? Multiple machines around the office? To prevent an employee from accessing sensitive information on unsecure networks, enforce a machine limit and ensure that she may only access the document from a specified number of machines.

4.  BYOD  Instantly Revoke Access. BYOD is here to stay. According to a recent Gartner study, by 2017 half of employers will require employees to use their own devices for work. The convenience of BYOD also brings the concomitant risk of physical data loss. So how can we assure data security on a device that we’ve lost? Simply applying passwords to documents is not a scalable solution for BYOD. Using a comprehensive DRM solution that supports iOS and Android, you can link all of a user’s devices to their company login. If one of their devices is lost or stolen, the IT admin can instantly revoke all document access specifically for that device.

Encrypt, share files securely, control access, and revoke access. Share these tips and let’s help our IT admins get a better night’s sleep. Also, check out our whitepapers and demonstration documents to discover how FileOpen DRM can help you realize your security objectives.

Topics: document encryption drm document security data leak