Data in motion: What are your employees doing to your data?
By Benjamin Cher June 13, 2016
- Technology moving faster than corporate policies or government regulations
- Boardrooms understand the reputation risk, now looking to tech for salvation
In most offices, there lurks a rogue IT element that threatens to expose the entire organisation to reputational risk.
No, it is not some cybercriminal hiding within the system, just normal employees using file-sharing tools like Dropbox for their work.
IT departments are fighting a constant battle against rogue or shadow IT elements, but they are clearly on the losing end.
The biggest danger to the security of data in motion is the fact that corporate policies and government regulations are not keeping up, according to Todd Partridge, vice president of product marketing for New York-headquartered Intralinks Holdings Inc.
“It used to be that when people interacted with technology, it was given to them by their company, but today that dynamic has been flipped 180 degrees – employees are coming with the tools they use at home, to use in the business,” he told Digital News Asia (DNA) in Singapore.
While such consumer tools might be easy to use, they were not built with enterprise security in mind, cautioned Partridge.
“When employees want to use consumer-grade tools, the company is at risk because unknown to the employee, the company needs to have a compliance or audit trail, tracking who has touched a document.
“A lot of times, those don’t exist in these consumer-grade tools … they were never built for the enterprise,” he stressed.
The weakest link
This is why most data breaches have been caused by human error or behaviour.
“It is part education – firstly, you need to have a policy in place, but you’ll be surprised how many companies don’t … they haven’t got around to putting one in place,” said Partridge.
And having a policy is useless without enforcement. Companies need to walk the talk in enforcing the policies they enact.
“No-one wants to be the bad guy, but you have to enforce your policy,” Partridge said. “There are repercussions if your corporate policy is not taken care of.”
On their part, IT departments should not merely shut down or ignore employee requests, but look for appropriate tools.
“There are tools available today that can remove some of the friction and provide the experience users are looking for,” said Partridge.
“It is more of a diligence exercise – companies need to find tools that give them the security they need, but with the user experience [employees] are looking for,” he said.
If a company just says ‘No’ to employee requests for the consumer-friendly tools they want to use to do their jobs better, it would merely be opening up another can of worms.
“If you don’t [provide these tools], they’re going to find another way to do it, and that is not going to be good for your company,” he added.
Across the corporate world, boardrooms are becoming cognisant of, and grappling with, this issue, and are looking to technology to minimise the risk from human error or behaviour.
In doing so, there are three questions they should ask, according to Partridge.
“First, if you were a hacker, how would you hack your company? Second, what will your response be to being hacked? And third, what is the business impact of being hacked?
“Take it from that perspective and start looking for technologies that are aligned with it,” he advised.