Every company has data leaks.
It is impossible to plug every one of them, but it is possible to manage them. A data leak doesn’t have to involve nefarious individuals gaining access to the network. Most likely it is your own employees taking action without really thinking of the consequences, like the domain admin giving a domain-level account and password over a cell phone in a crowded elevator. He was trying to solve an issue, but missed the environmental conditions he was in. So now everyone in that elevator knew a domain-level admin's credentials for that company. "But you don't know which company he works for," you say. Sure we do: just look at the ID badge clipped for convenience to his clothing. It’s the little things that get you in trouble too.
Some sources of data leakage are:
- Allowing access to personal email: staff can send out data without you tracking it.
- Allowing USB usage: staff can plug in a USB drive, a phone, or even an iPod that can siphon off the data.
- Sensitive papers lying about on desks, unsecured, to be viewed by anyone.
- Talking about sensitive information in public spaces.
How do you manage this? There are several ways. The most successful is to institute policies for your staff. Making staff aware that there are guidelines and consequences addresses most of the issues. You will need a training schedule for new hires and reviews for users. Having each user acknowledge the policies with a signed document will give you a foundation for maintaining security. These policies can be as simple as a clean desk policy, which dictates what can be left out when a user is not at their desk, or as involved as technology policies, which dictate what devices are allowed into the site and how they are used.
To support the policies you can leverage technology. Active Directory Group Policies can control access to resources on the network and device usage, such as turning off USB ports. You can use third-party applications to control web access to email, track access, and allow access.
This may seem draconian, and it can be if misused. The trick is to apply the right amount of restriction to protect the company while balancing the access given for work. So you can't access Facebook on your work computer. Big deal, you’re working. Odds are you have it on your phone anyway. Using technology to enforce the policies will enable you to maintain standards consistently, all day, for all staff. It is auditable and can be changed as the environment changes.
So keep your staff informed and your policies current, use your technology to simplify and standardize, and revisit both often for review and updates.
Trigon Technology Group and Kleinbard Bell & Brecker LLP have developed a new cyber risk assessment reporting package, Frigate. It is specifically designed to offer any business with an Internet presence a comprehensive assessment of their current cyber risks.
Frigate introduces a new algorithm-based model for identifying Internet security risks for any organization that acquires, holds, processes or transmits third-party personal information of any kind or that has sensitive trade secret information, intellectual property assets or other private information. Unlike an external vulnerability assessment or a penetration test, this cyber risk assessment identifies the legal risk that your technology could possibly expose you to. The end result is a comprehensive report (as well as all information used to generate the report) that is protected under the attorney-client privilege. Additionally, a follow-up meeting with an attorney and CIO-level resource to review the findings and discuss remediation steps is bundled into the product.
“We developed Frigate in response to an ever changing and complex Internet driven business world where it is increasingly important that organizations understand the security risks and legal and technological threats that can negatively impact their bottom line,” says Ned Dunham, Kleinbard attorney and primary architect of Frigate.
Important features of Frigate include a secure assessment process and a report (as well as all information used to generate the report) that is protected under the attorney-client privilege when the organization engages Kleinbard to administer the risk assessment. Click here to see a brief sample report.
The Philadelphia Business Journal published an article on Frigate entitled "Kleinbard introduces a cyber security service." Click on the link to read the full article.
Trigon Technology Group is very excited about working with Kleinbard Bell & Brecker, the premier business law firm of its size in Philadelphia. Founded in 1939, Kleinbard Bell & Brecker's more than 60 years of providing sophisticated legal representation sets it apart from other similarly sized business law firms.
For further information or to begin the cyber-risk assessment process, please contact us at firstname.lastname@example.org or call us at 484-323-5004.