Security is highly important these days in ANY organisation, private or public, in any vertical market; it doesn’t matter which. Economic globalisation and the emergence of geographically distributed structures have given rise to new and clever internal and external threats.
It’s true that, over the last 5 years, almost every company has put at least the minimum security in place in-house; I’m talking about firewalls, antivirus and anti-spam at least. And I agree that the minimum was enough to protect our business from the outside. But I also agree that internal protection is now the biggest unknown in security and, unfortunately, the ‘bad guys’ are one step ahead of us. The old techniques meant trying to bypass the firewall, but today many of our staff are not seated in the office, so there’s no firewall. But let’s go beyond that: let’s imagine an angry member of staff, or let’s think about one of our new employees. Are we sure he or she is not doing anything bad with our data? Have you heard about industrial espionage?
At this point, if you are thinking that we are talking about needing a DLP (Data Leak Prevention) solution, you are right, and obviously we need to be sure no one bypasses our ‘corporate compliance rules’, such as who can send what type or content of data outside… BUT is that enough? Sorry to say, no, it isn’t. According to the 2014 ‘Cost of Data Breach’ research from IBM/Ponemon, 84% of security issues involve the theft or incorrect use of corporate data.
That’s right, many corporate users steal business information or don’t use it correctly (according to the Compliance department). It may be just an Excel file of VIP customers leaked on a pen drive or, in the worst case, through a cloud drive provider.
This is not new, and many companies push their staff to sign a ‘confidentiality clause’. But is that enough? In my opinion, NO. It’s more effective to remind users what they are doing, whether they are allowed to do it or not, and what the consequences will be. In the “real world”, on the streets, governments and private property owners remind us that CCTV is used to ‘monitor us’, and you obviously do not think of ‘doing anything bad’ while ‘CCTV in operation’ is on display.
Based on that idea, why don’t we monitor our staff? Why don’t we bring that approach to the cyber security world? But we will monitor ONLY when they are accessing ‘risky and highly confidential data’, for example our CRM or a critical SQL server.
We are talking about corporate workers, but now think: do all the staff working at your company belong to your firm? Are you sure? So you don’t outsource anything? I do not know any business with more than 500 users that doesn’t outsource something: IT helpdesk, marketing, designers, legal, etc.
So there’s no better way to prevent data leaks than to remind users, whenever they access a private part of the business: ‘Hey, smile to the camera, you are on TV.’ And why not use the tamper-proof video recording as evidence to demonstrate his or her actions?
Today, as far as I know, only a few companies have brought this idea to market.
Technorizon UK can help you drive your DLP project; contact us for more info.