Today, data is everywhere. Collaboration and file sharing platforms like SharePoint, Office 365, Dropbox, Teams and Slack have made it easier than ever for users to collaborate. Remote work has yielded an even bigger increase in communication with content being created and shared across the enterprise and with third parties: contractor, vendors, and partners. However, with increased collaboration comes data, lots of it – everywhere. It’s no longer just in file shares but is also in emails and chat threads.
While every company may not have skeletons in their data closets that could discredit or embarrass them, there is a lot of sensitive data that every company needs to keep secret. Here’s some advice on how to keep these skeletons locked in the data closet or repository where they belong.
4 Data Skeletons that Will Come Back to Haunt You
Skeletons of Data Past
Every enterprise has a skeleton or two in their cavernous digital closets. ‘Dark data’ – the information companies collect in their regular business processes, don’t use, don’t’ plan to use, and have no intention of deleting – can hold some scary surprises.
According to the State of Dark Data report, globally, about 55% of an organization’s data is considered “dark”. Digging a little deeper, a disturbing one third of respondents estimated that more than 75% of their organization’s data is dark.
Data skeletons can put your company at serious risk. You need to know where your sensitive data is, especially if it’s regulated by privacy or industry specific regulations. You also need to determine if it is secured properly and who has access to it.
The first step to shedding some light on dark data is to discover and use data classification to get a sense of how much unclassified sensitive data exists in your collaboration tools and file shares. After that you should put protection in place to ensure that only the right people can access it and under the right conditions before that unclassified dark data makes its way out of the dark corners of the closet to haunt you.
There’s good skeletons in every closet, the ones that are the lifeblood of your organization: intellectual property (IP), customer info M&A, financials, etc. For government and defence agencies, and the supply chain that supports them, nation state secrets, research, military technology and operations are at stake.
If these skeletons were to get out the results could be devastating to your bottom line. This ‘lifeblood’ is an attractive target to those outside and even within the walls of your organization. In a recent example, a new Tesla employee stole 26,000 confidential files in his first week on the job.
Dirty Little Secrets
While not everyone has them, there are ‘dirty little secrets’ or confidential reports you may not want to share with the world, as Facebook recently learned. These skeletons have the power to wreak havoc on your reputation, and incidents may be perpetrated by users who feel that they are stealing and sharing the information with the world for the greater good.
Ethics aside, at the end of the day your users should not be able to have carte blanche to your sensitive data. If you think that these are isolated incidents think again. The facts show data theft by malicious insiders is a real problem for organizations.
- Cyber espionage was a motive for 44% of public sector breaches.
- Highly sensitive research is also at risk with 20% of education attacks motivated by espionage.
- Almost half (47%) of manufacturing breaches involved the theft of intellectual property to gain competitive advantage.
- While 63% of insider incidents are tied to negligence, 23% of insider incidents were tied to criminal insiders.
- It takes an average of 77 days to contain an insider incident.
- The Commission on the Theft of American Intellectual Property estimates that annual costs from IP losses range from $225 billion to $600 billion.
It’s imperative to put protection in place to ensure that only the right people can access sensitive data and company confidentials – and only under the right conditions. You also need to control what users can do with that data. Even if they should have access to it, you also need to have controls in place to make sure it is used properly. You don’t want sensitive data or IP to mysteriously disappear from your repositories and magically reappear on the dark web, in a competitor’s hands or on the front page news.
Your users know they probably shouldn’t do it, it’s against company policy after all. But Barnabas is under a deadline and can’t get a guest added to your company collaboration tool. Besides what’s the real harm sharing data with a trusted vendor using his personal Dropbox account – even if it’s in the dark shadows of IT?
Shadow IT, or unsanctioned IT tools being used by users without company approval, is a real problem with 80% of workers admitting to using SaaS applications at work without getting approval from IT. Organizations have no visibility into who’s using these tools, what’s in them and what type of security controls are in place, if any. This poses huge issues for data that is governed by data privacy laws such as GDPR and CCPA.
The same lessons learned from these other examples also apply. Once a user is given access to a file it’s not enough to stop there. You need to also have controls in place to determine what they can do with it, who they can share it with and how.
Don’t Let Your Skeletons See the Light of Day
While stopping these skeletons from seeing daylight may seem impossible there are some simple steps you can take.
- Clean-out the skeletons in your digital closets. Leverage automation to scan file sharing and collaboration tools to identify where sensitive information is and classify it appropriately before it comes back to haunt you.
- Get proactive with data-centric protection. Data-centric solutions evaluate attributes such as document content and user context to augment security and adjust it in real time depending on parameters. They enforce zero trust right down to the data layer. For example, what is the document’s sensitivity, user role, time of day, location, and device being used, to determine if content can be accessed and what can be done with it based on these parameters and your data security policies.
- Restrict what users can do with files once they have access. Just because you are able to access a file doesn’t mean you should have carte blanche with it. Should a user be able to edit a file, or should it be read-only access? Should they be able to print it? Save it? Copy and paste it? What about sharing or emailing it? With whom? Look for solutions that can granularly control not just access to data, but usage and sharing rights as well to prevent it from walking out the door.
- Take the responsibility off of users. Training is often the #1 prevention tool cited by organizations to stop data loss. However, with simple negligence being the culprit in 63% of insider incidents, relying on users to remember and follow complex rules around data collaboration and sharing is clearly not an effective tool. Take advantage of technology that can apply restrictions to prevent simple sharing mistakes and stop more malicious actions such as data theft from happening in the first place.
- Audit access to sensitive data so you can understand who has accessed it and how it has been used or shared to provide a full audit trail. Be sure to have processes in place to notify managers and push data in SIEM applications such as Azure Sentinel and Splunk to alert stakeholders to potential violations or suspicious activity—such as say downloading a few thousand files in the dead of night.
Technology is your friend when keeping data skeletons at bay. Learn how NC Protect and Kojensi watch over your sensitive data to dynamically control who can access it and what they can do with it before your data skeletons can escape.