Almost every company today deals with personal information such as names, addresses, and DOBs. In addition, some companies deal with financial and medical information, such as Medicare numbers and bank information.
Every company has a responsibility to protect the data it holds about its customers under the Australian Privacy Principles.
In this article we’ll have a quick look at ways data can leak from your company through non-malicious activities. Non-malicious activities are those which do not involve a hacking attempt or malware on your system. (We looked at preventing malicious security breaches in a previous article.)
Employees who spend a lot of time outside the office probably have a laptop. That laptop contains copies of data being worked on, and other confidential company information. Do you have a policy in place that can protect this information if the laptop is misplaced or stolen? Is there a policy around acceptable USB drive use?
Cloud Storage Services
If a cloud storage service is set up as part of the company infrastructure (i.e. managed by your IT provider), then that is considered fairly safe.
The major issue is when employees sign into their own personal OneDrive, Dropbox, or other cloud sharing account and put company information in there. This information is then automatically replicated to all their devices (such as phones and personal computers at home), which are unmanaged and not secured for company information. What would happen if one of their personal devices, with that company information on it, gets a virus or is stolen?
Incorrect Disposal of Old Equipment
Another big issue is the incorrect disposal of old desktops, laptops, servers, and external drives when they reach the end of their life. Are they just put out for rubbish collection, taken to the rubbish tip, given to a charity, sold for spare parts, or left sitting around the office? Those old devices, particularly servers, contain huge amounts of confidential data that can be retrieved by anyone with a bit of technical knowledge. The devices must be securely decommissioned at the end of their life to protect this data before they can be recycled or disposed of at a dedicated e-waste station.
Are your offsite backups secure? What happens if your receptionist loses the backup drive or tape? Can someone simply plug it into their computer and see all your company’s data?
What would happen if proprietary company information or personal information was leaked online? The number one issue for personal information is it being sold on the deep web and used for identity theft. Identity theft is expensive and time-consuming for individuals to recover from.
Company information can be used for extortion demands, or someone may threaten to release it onto the internet, which could cost companies not only their money, but also their reputation and customer trust.
Blue York IT Solutions uses a range of measures, provided as part of our Managed IT Services, to help protect your data from leaks in these and other ways. One thing that differentiates us is that we include a consulting service to help proactively solve these types of problems in your organisation. If you would like any more information about how to protect your data from leaks, please contact us using the information below.