Are you doing enough to secure your organization's sensitive information? If all your security measures are focused on the volume level rather than the file or document level, chances are the answer is 'no.'
While the security risks associated with sensitive files and documents have been around for as long as sensitive files and documents have existed, a confluence of today's corporate environment—businesses are increasingly relying on mobile workers and collaboration between geographically dispersed workers and business partners—and technologies like mobile devices and browser-based file-sharing applications have increased the scope of the risk.
"A lot of the issues have been around for a while, but the playing field has changed," says Larry Ponemon, chairman and founder of research think tank Ponemon Institute, which last week released its 2012 Confidential Documents at Risk Study, a survey of 622 IT and security practitioners with an average of more than 11 years of experience. "Everyone wants to connect and they want to do it anywhere and immediately."
Common Practices That Put Information at Risk
Common business practices, frequently leveraged by employees seeking to be more productive, are often responsible for putting information at risk. Five scenarios are among the most common, according to the Ponemon Institute's study. The scenarios are as follows:
- Employees attach and send confidential documents in clear text from the workplace using Web-based personal email accounts. The Ponemon Institute's survey found that 68 percent of respondents believe this happens frequently or very frequently, and 71 percent say it results in the loss or theft of confidential documents.
- Employees download, temporarily store and transfer confidential documents in clear text from a workplace desktop to a generic USB drive. Sixty-five percent of respondents say this happens frequently or very frequently, and 68 percent say it results in the loss or theft of confidential documents.
- After registering with Dropbox, employees move several large files containing confidential business information to the application without permission of the employer. The survey found 60 percent of IT and security practitioners say this happens frequently or very frequently, and 57 percent believe it can result in the leakage of confidential information.
- Employees download confidential documents to a public drive, thus allowing other employees to view and use this information from various mobile devices. Sixty-two percent of respondents say this occurs frequently or very frequently, and 56 percent say it can result in the loss or theft of confidential documents.
- Employees download confidential documents to a public drive to collaborate with business partners and view and use the information on tablets. Fifty-five percent of the respondents say this happens frequently or very frequently and 51 percent say it results in leakage of these documents.
Data Loss or Leakage Is Common
And these risks are not merely academic. The Ponemon Institute's study, sponsored by WatchDox(www2.watchdox.com), a provider of secure access and collaboration products and services, found that 90 percent of organizations experienced leakage or loss of sensitive confidential documents during the last 12 months.
Security firm Symantec, in its 2012 State of Information Global Survey, released in June, found that two-thirds of businesses had lost important information in the past 12 months due to causes ranging from human error, hardware failure, software failure and lost or stolen mobile devices. Symantec also found that two-thirds of businesses had exposed confidential information outside the organization in the past year, and almost one-third had regulatory compliance issues related to their information in the same period.
"It's really unstructured information that is the life's blood of most organizations," says Ryan Kalember, chief product officer at WatchDox. "Financial documents, image files, PDFs —all of this incredibly sensitive information exists in file or document form.