The leakage of ‘top secret’ information from the National Security Agency (NSA) by former contractor Edward Snowden, has sent shockwaves throughout US security institutions. Not only have the documents alleged ‘snooping by the US authorities’ but the theft of data via a USB stick has hit the institutions’ credibility hard – really hard.
If top secret files can be leaked from the NSA, you can imagine how much easier it is for a business to lose data in the same manner! The question is, can it be prevented?
Since most businesses rely on computers to store important information, and the means to steal data are available to anyone, it is often not a matter of “if” anymore, but a matter of “when” someone will remove this data.
Your computers host information about your company finances, payroll, private customer information, partner relationships, legal contracts, and intellectual property. While employees need access to business-critical information to do their job, the line between “need-to-know” and “good-to-know” is just a matter of a few keystrokes. The information can be used by a malicious employee for financial and personal gain by selling the intellectual property and customer lists.
What is worrying is that the means to steal data are within everyone’s reach. Smart phones often have storage capacity equal to, if not more, than that in common USB/flash drives.
Company policy, when in place, often does not prevent the use of such devices at the office. Given that USB sticks/flash drives are cheap, widely available and very easy to conceal by employees or visitors, responsibility and monitoring capabilities are often outside of HR’s control. The task then falls to the IT administrator. Your business has security sensitive data across the IT environment and data can be taken out of the office (or files added too) with relative ease and very little technical knowledge. Although the NSA story involves someone intentionally stealing data, you can easily forget a USB drive or phone in the back of a taxi. Different scenario. Same problem.
The use of unauthorized storage devices can impact your business in two ways, with differing consequences.
First, usage of unauthorized storage devices can lead to data loss, which in turn, depending of the nature of the data lost or stolen, can have serious repercussions on the business. What would happen if you lost your customer database? You will lose credibility and tarnish your reputation: your customers and partners may question your reliability – some will leave, impacting revenues. You might even be legally liable.
What would happen if you lost intellectual property? Your business might struggle to recoup years of R&D, while those who have your IP will gain an advantage. You might be forced to change business priorities and also suffer losses on your investments. What would happen if the stolen data is used to commit a crime? You are legally liable for not protecting it. Legal liability implies increased costs, possible fines and loss of revenue.
Secondly, reverse can happen when such devices are used – malware or unauthorized applications could be installed on the network leading to downtime, productivity loss or legal liabilities with third-party application developers.
The good news, however, is that there are tools you can use to control USB/flash drives and help minimize the dark side of the ‘Bring Your Own Device’ (BYOD) phenomenon. GFI EndPointSecurity™ 2013 gives you flexible control of your removable media devices including: USB sticks, flash drives and smart phones. Through a single console you can gauge the risk of data leakage and set granular policies. GFI EndPointSecurity 2013 software can be deployed on your IT assets, to ensure that only authorized persons and authorized devices have access to privileged information, ensure that only certain types of information is moved onto /from a device, that the information on the devices is encrypted, so that data at move is secured, and last but not least, ensure that all access is audited, so that you can prove accountability in case of legal litigations.
Invest in your security today and avoid business loss. Let your customers and partners know that you are investing in security to boost security, protect their interests and improve the quality of service.