Management

How to protect against embarrassing document leaks

 Print E-mail
Management
Written by Adi Ruppin, vice president of business development at WatchDox   
Tuesday, 25 October 2011

Document security continues to be a serious issue for financial institutions as smartphones and tablets introduce new threats.

 

Major companies and industry leaders are brought to their knees when confidential documents go public. No one knows this better than financial institutions like the Swiss bank Julius Bär, whose private documents were stolen and released, or Bank of America, whose stock price fell 3 percent following the mere threat of leakage onto Wikileaks.

Document security is a serious issue for financial institutions that are tasked with protecting sensitive, highly regulated information. If these kinds of documents are made public, banking institutions can suffer penalties from the Securities and Exchange Commission (SEC) for violating rules or from the federal government for revealing personally identifiable information (PII). A painful side effect is the edge a leakage scandal will give competitors, not to mention the loss of reputation among customers and the banking industry. For financial institutions, the topic of document and data security must be treated with the utmost care.

The proliferation of smartphones and tablets introduces new threats and regulatory issues. When adding mobile devices into the mix, the threat becomes even more serious: mobile devices are more easily lost or stolen, they can be used anywhere and they don’t have many of the technologies used on PCs to secure information. What’s more, the ever growing need to collaborate and share digital assets means you need to secure and control your documents – even after they have been sent.

Not surprisingly, 96 percent of people who deal with private information indicated that they are extremely concerned about that information ending up in the wrong hands. Their fears are founded in real possibility. In fact, one in three of those surveyed have had an experience when data leaked. In these situations, the leakage rarely occurred because of malicious intent. Sometimes leaks just happen. Let’s consider why they occur.

Sensitive documents are vulnerable in many ways, including:


Accidental leakage: This occurs when a document or information is not shared on purpose. For example, sending an e-mail to the wrong recipient can result in a leakage. An accidental, non-malicious leak is most common and occurs 83 percent more often than intentional leakage.

Partners or third-party leakage: Keep in mind that sharing documents with partners, customers or investors means that documents can leak from the parties regardless of how much security you have internally.

Outside break-ins into IT infrastructure: Organizations like RSA, Sony and Citigroup have recently experienced large-scale break-ins to their IT infrastructures. Every company, from the most powerful to the smallest business, should be prepared for document theft.

Disgruntled employees leaking information: Employees who have access to sensitive information can easily load it onto a flash drive and share it anywhere.

Loss or theft of laptops and mobile devices: As the workforce becomes more mobile, so does sensitive information. This kind of leakage is becoming more common with the influx of smartphones and tablet technology.

Even though companies have become more aware of the need for securing documents, few are taking steps to improve security measures. Executives and employees often assume that a great IT department means they are safe from leakage. But this is not the case. The examples listed of big companies who’ve been victim to leakage-- Julius Bär, Bank of America, Citigroup, RSA and Sony—prove that even the best IT departments can’t guarantee security.

But why is this?


Standard security tools were not designed for today’s mobile and collaborative world. While they cover some areas, they leave others exposed. For example, e-mail encryption technology gives users some sense of security, but it actually only protects the documents while they are transmitted and leaves them totally exposed thereafter. In addition to traditional security methods lacking necessary controls, the changing nature of IT must also be considered. Work is now mobile; information lives not only on the enterprise perimeter, but also on smartphones, iPads and tablets, laptops and other devices. This means information is anywhere and everywhere at once.
 
Now more than ever, you must consider different solutions for changing circumstances. Many security solutions don’t address these recent technical changes, and IT directors don’t understand the gravity of secure document sharing. But the trickiest part is that documents cannot be locked down. Companies need to collaborate and share to function well. This puzzle can be put together by being proactive. You must stop security breaches before they happen.

Best practices for leak-proofing your documents


  • Be aware of who you’re sharing documents with.

It’s a simple start that can’t be stressed enough. We’ve already established that sharing information is necessary to functioning. There is no way to lock sensitive data behind impervious walls without shutting down progress and productivity. However, we can be more careful about with whom and how we share information by limiting the distribution to only the necessary parties and requiring strong authentication techniques for document access.

  • Educate your staff.

If your staff understands the importance of document security, they will also proactively protect sensitive information for the company’s well being. Teach employees basic precautions to prevent systems from being compromised or accessed by unauthorized people. For example, avoid spyware problems by teaching employees not to install shareware products or open
suspicious attachments.

  • Protect documents on mobile devices.

Today’s world is highly mobile. Executives and employees alike are on the go and take their work with them on a variety of mobile devices. Since these technologies are prone to being stolen and lost, it is critical that you are able to remotely destroy any
information on them.

  • Trust is nice, but back it up with technology.

Sometimes even the most trustworthy people divulge sensitive material. This is undeniably true, as Wikileaks wouldn’t function otherwise. New technologies might have helped those Wikileakers remain trustworthy by restricting them from copying, printing or forwarding sensitive documents. The ability to wipe a document clean, even after someone has left an organization, is also helpful. Settings can be enabled in a document so that it is secure wherever it travels.

  • User-friendly options will encourage use.

If securing documents makes an employee’s day more difficult, he or she isn’t likely to do it. Ease-of-use should be a deciding factor in any organization’s decision to purchase security software. Cloud-based tools requiring little to no software installation and frictionless integration into existing systems (like e-mail or Microsoft Office) are more likely to be quickly embraced by staff.

The security of private documents is imperative to the business world. Achieving effective security takes not only awareness and education, but also supportive technology. New technologies and paradigms are required to get to the root of financial executives’ concerns about data leaks since most current approaches do not. Comprehensive security comes from new technologies that allow users to retain control of documents throughout their lifecycles.

Adi Ruppin is the Vice President of Business Development at WatchDox, a provider of document control, tracking and protection solutions that enable the confidential sharing of important or sensitive documents in an easy and secure way.

 

 
 
Share this article:
Digg It! Digg it!   Post to del.icio.us del.icio.us   Seed in Newsvine Newsvine   Post to reddit Reddit   Facebook  Stumble It! Stumble It!  

Subscribe to our weekly newsletter for top jobs, news, blogs and more

Get the latest senior finance job roles, news, blogs, features, industry moves and opinion delivered directly to your inbox every week. Sign up here .