Tackling data leakage


29 October 2016
Daren Glenister of Intralinks

Today, digital platforms are simplifying the way data and personal information is moving around the world. With these developments, risks from cyberattacks are heightened as cyber criminals take their methodologies to a different level by becoming more industrialised and more organised.

According to a study by PwC, the number of security incidents across all industries worldwide rose by 38 per cent in 2015. That’s the biggest increase in the 12 years since the global study was first published.

The poster child for employee data theft is of course Edward Snowden, a former US National Security Agency employee who gave journalists access to thousands of the NSA’s classified files.

Here in Asia, recent high-profile breaches involving digital toymaker Vetch Holdings, Standard Chartered Bank, and BlueScope Steel highlight how common data breaches are in today’s corporate world and the consequences for organisations that do not take cyber security seriously. Businesses that experience a serious breach risk losing valuable intellectual property. Management attention is also distracted from core business activities, potentially leading to a reduction in profit.

Indeed, businesses that fall victim to a breach can incur high costs as their managements invest in forensic services to attempt to uncover the data that was accessed without authorisation. There are also issues with reputational damage when a data security breach receives mainstream media coverage.

According to a report released by consultancy firm Grant Thornton last September, Asia Pacific businesses lost about US$81 billion to cybercrime over a period of 12 months.

It is essential, therefore, for businesses to prioritise data security as a critical issue and as simple as it may sound, one of the key steps businesses must take is to invest in technology that reduces the risk of a data breach.

Some of these solutions will be able to lock down data by removing unsecured points of access to information, for example, by ensuring staff cannot use thumb drives to save information from desktop and laptop computers, or email confidential documents to home accounts or to third parties.  

They can ensure businesses are able to control high-value IP and prevent it from leaving their systems without proper authorisation. They are also able to draw on encrypted data to validate user credentials and be able to prevent staff from accessing other users’ passwords,

Ideally, the system should be configured such that security is embedded in documents through technology such as Information Rights Management which protects data inside and outside the enterprise perimeter.

Another key step is to ensure that employee identity is the organisational perimeter for information rather than the business firewall, especially given how prevalent remote working has become. This can be effected through protocols and solutions for Single Sign-On, Identity and Access Management, and Multi-Factor Authentication.

Aside from investing in cutting-edge technology, there are a number of other important steps businesses should take to reduce the risk of their data being compromised.

The first step is to categorise their data to determine what is sensitive and commercially critical and what is not. From there, businesses need to develop an access strategy with clear guidelines determining the right access levels for different roles in the business.

Finally, it is essential to have the correct policies and procedures around information storage and access. This involves ensuring employment contracts include clear guidance about how seriously the business takes data security and the consequences and penalties of breaching data security rules.

Ongoing education and training about issues, such as not sharing passwords or logging on as another employee, ensures data security remains top of mind for staff and reduces the risk of a data breach.

Good data security requires ongoing vigilance by organisations. It involves a combination of up-to-date technology, robust policies and procedures, and a commitment by management.

Now is the time for organisations to act and ensure that they have a comprehensive data security strategy in place, supported by the right tools to protect their data as well as a culture that inhibits data leakage. 

  • Daren Glenister is Field CTO with Intralinks.