Companies are doing all they can to prevent trade secrets from spilling out. They try different strategies, from the use of enterprise file sync-&-share systems to private servers and personalized email services. Employees and management are also trained to adhere to security protocols. The latest tech can’t prevent problems caused by human error.
A few of the protocols drilled into employees and managers are:
Spotting Phishing Emails
Phishing is an insidious technique in which employees of a company are tricked into sharing vital information through well-curated information. Phishing techniques are long past the days of fake-looking emails and names. Attackers use names and identities that employees are familiar with, create authentic-looking email, and “fish” information out of the employee.
Companies offer seminars or include in their regular training ways to spot phishing techniques. Clicking on unverified links is a no-no, assessing the writing technique of the email is a must.
Dump Data Offline
Keeping all of your company’s information online may seem smart at first. Accessibility is not an issue when it comes to live archives. However, these systems are vulnerable to attacks. Hospitals that place all of their patient’s records online are often targeted due to the high value attached to each profile.
All manners of companies are advised to keep offline archives and personal servers ready. Downloading and placing data in remote servers that could not be accessed by outsiders minimize the threat from hackers and other information leakers.
Email breaches all have degrees of human error involved. The most basic of procedures that people have to do is to watch who they send their emails to. Reply All could spread the right information to the wrong people. Similarly, old threads should be deleted to prevent the same problems from cropping up.
Documenting facts through email can provide extra protection against contract breaches. Commitment to projects vs. actual output could also be traced through email transactions. Adding confidentiality footnotes, such as a paragraph emphasizing the confidential nature of an email, adds a layer of protection to each piece of information shared through this manner.
The moods and email etiquette of users should also be taken into account. Employees and managers need to be routinely reminded of proper conduct and language in many sensitive emails. Professional conduct must be observed at all times—that means no angry emails or jokes picked up from media.
Improperly Configured Data Leak/Loss Prevention
Nothing is more frustrating than leaking and losing data due to improperly-configured equipment. Data leak/loss prevention software systems are only good investments if they are properly fitted to a companies needs. Companies fail to conduct adequate risk analysis before selecting products. Some also expect software to do what they want it to do right out of a box. Others fail to work with departments they need to work with closely when fine-tuning their newly-purchased tools.
Time and patience are needed when establishing a new data security strategy. Setting up data leak/loss prevention tools requires a great amount of effort to limit egress routes for sensitive information. These tools need to be configured correctly to prevent disruptions to an organization’s workflow.
The advice of not bringing work outside the workplace applies not only to an employee’s work and life balance. This principle also applies to physical and digital documents and other materials related to their jobs. When in doubt, it’s in the employee or manager’s interests to keep sensitive information within the office they work in to minimize possible leaks.