Is a lack of disk encryption and port control the weakest link in your security strategy?
Enabling a workforce to be productive means allowing personnel to work and access systems and information anytime and anywhere. But the trend toward more mobile working is increasing exposure to IP theft from a laptop, desktop, or mobile device.
The costs of the loss or theft of valuable data from an unsecured device can be significant, including:
- The value of the data stored on the device itself – this could range from thousands to millions of pounds, depending on the nature of the data
- The increased risk of a targeted attack on the company’s people and systems – the typical corporate laptop contains a wealth of information that could help a cybercriminal further penetrate an individual’s or an organisation’s defences
- Fines levied by regulatory authorities, particularly if the breach involves a loss of personal information
Data security incidents are a major concern for organisations of all sizes and are a key area of action for the Information Commissioner’s Office (ICO). Recent findings published by the ICO showed that in the most recent quarter (Q1 2015/16), there was a twenty-two per cent increase in data breach incidents resulting from loss or theft of unencrypted devices.
Whether it’s organised criminal gangs, unscrupulous competitors, hostile states, or opportunist thieves, there are many people out there keen to get hold of an organisation’s valuable data. Trade in IP is now big business.
Breaches from cyberattacks are common and increasing; a UK government report highlighted IP theft as the most damaging cybercrime for UK businesses, resulting in a loss of £9.2bn a year. Additionally, a survey of almost 4,000 IT managers in 27 countries has shown that over one in five manufacturing firms reported a loss of IP in a cyberattack in the past year.
While the causes of data breaches are varied, the majority are a result of either malicious attack or human error. Recent research into the root causes of data breaches found that forty-seven per cent involved a malicious or criminal attack, and twenty-five per cent involved a negligent employee or contractor.
Businesses are increasingly aware of the risks of IP theft, but many have glaring holes in their security strategy when it comes to securing data-at-rest. Here are five practical steps to consider when reviewing your data management and protection policies:
1. Protect your data
Implementing effective security measures begins with understanding what data you have, where it is stored, and how it is shared. More breaches occur from data being copied onto removable media and devices than from lost or stolen laptops. Protect your data by ensuring that any data that is copied to a peripheral device is fully encrypted.
2. Don’t rely on single layers of security
Multiple layers of protection reduce your vulnerability to malicious or accidental breaches. For example, as well as requiring user authentication via password, you could implement technology on your devices that prevents the hard disk being decrypted if it is removed from the device.
3. Reduce complexity where possible
The more convoluted your security procedures are for users, the greater the likelihood of breaches as a result of their actions. Enabling single sign-on to any device limits the impact on your users and reduces your risks.
4. Security is key – but the business still needs to operate
If your security policies and technologies prevent people doing their jobs, they’ll inevitably find a way to bypass those controls. When implementing technology solutions, check that they’re flexible enough to meet the needs of your business and your users.
5. Ensure you have effective management control
Having the right technology on your endpoints is of limited value if you can’t easily manage that technology and you don’t have visibility of what users are doing on their devices. Ensure you have the tools to monitor and report on which devices have been encrypted and what data users are copying to removable media. If you can’t prove to regulators that you’ve taken all reasonable measures to protect your data, you’re more liable to receive a substantial penalty.
Using industry-certified encryption to protect your data across your device estate significantly reduces the risks of your valuable IP being compromised via a lost or stolen device. It also helps to limit the impact of a breach if one does occur.
When choosing an encryption solution, though, you need to be aware of your own specific requirements. Make sure you maintain a holistic view of your entire device estate to ensure that you choose the solution that best suits your business.
Cath Hackett, Becrypt