Data loss from within is a big problem now, more than ever

In an effort to quickly roll out collaboration solutions and enable remote work, have we sacrificed the security of business-critical data? A new report suggests that data loss from within the organization, or insider threats stemming from employee theft or negligence, is a big problem now, more than ever. Get the facts about this alarming trend and the steps your organization can take to address data loss that has been amplified by working from home.

New data shows there has been a significant increase in data loss since the onset of COVID-19 [1]:

  • 123% increase in data being copied to USB drives with 74% of that data marked as “classified”.
  • 72% increase in file uploads to cloud storage services.
  • 49% increase in email attachments.
  • 42% increase in printing (at home).
  • 24% increase in saving to home-office network-attached storage.

As noted in a Dark Reading article [2] on the report, “Whether or not the data loss is intentional, the fact that it is occurring at a much higher rate than just four months ago suggests a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.”

If you have legal, regulatory, or contractual requirements to prevent data loss or if you just want to retain your company’s intellectual property and business-critical information (like customer account lists), make sure that you’re implementing data loss prevention solutions and properly training your staff.

A Roadmap for Addressing Data Loss

Here’s a roadmap to addressing data loss:

  1. Document your security policy. Write or update your company policy to lay out what data you want to protect and who or what should have access to create, read, and modify each type of data. The policy should take into account legal, regulatory, and contractual requirements as well as what data is important to your company, its tolerance for risk, its technology environment, its culture, its processes, and its budget, among other factors.
  2. Know where the data you want to protect is. The specific technologies that store your data (e.g. Microsoft SharePoint, Dropbox, Google Drive; on-prem or in the cloud) greatly affect which tools are most effective and appropriate for your situation.
  3. Find, deploy, and operate an appropriate data loss prevention technology solution. With hundreds of cyber companies and technologies in the market and prices often hidden, you may wish to engage a security consultant to help you identify the right solutions at the best prices rather than take your chances guessing keywords and company names using a Google search.
  4. Educate your workforce. This includes annual security awareness training, policy acknowledgment, and light hands-on training to ensure everyone understands how to use the technology.

Through these four steps, companies can greatly reduce data loss risk and comply with laws, regulations, and contracts.

Get the Roadmap

This step-by-step illustrated guide lays out each phase, from defining your strategy to using an automated solution to enforce compliance and apply dynamic security to files, chats, and messages shared from Office 365 apps, including Teams, SharePoint, OneDrive, and file share content.  It also provides tips for a successful and consistent data security and governance program.

About the Author: Gary S. Chan is an independent security consultant, helping businesses achieve compliance and meet security and privacy obligations. He holds multiple security certifications, including a CISSP, ISSMP, CHISSP, and CFE, and a degree in Electrical Engineering & Computer Science from MIT. Contact Gary at consultant@alfizo.com.

[1] Digital Guardian Digital Trends Report, May 2020

[2] https://www.darkreading.com/vulnerabilities---threats/data-loss-spikes-under-covid-19-lockdowns/d/d-id/1337931

[3] https://nucleuscyber.com/infographic-managing-data-security-and-compliance-risk/