Data Theft Prevention 101

We can never stress enough to our clients how important their data is.  There are plenty of ways data can become lost, but the one scenario that nobody ever likes to talk about is internal data theft.  That's right; businesses can suffer from their own employees stealing data.  Now, this doesn't mean that all or any part of your staff is plotting to expose company secrets or distribute your leads to competitors, but a few precautions can be taken to just ensure that it never happens.

Think of it like having a smoke detector.  You don't anticipate a fire, but just in case, a little investment can save you from a big (even if seemingly unlikely) disaster.  Surprisingly, however, internal data theft happens a lot more than we think.  Symantec teamed up with Ponemon Institute  and did a study on laid-off and terminated employees, and whether or not they keep sensitive or confidential information.  The result?  59% of employees who leave or are asked to leave are stealing company data, whether it be  customer data, contact lists, employee records, software, documents or other intellectual property.  More shocking is that 67% of those who did steal admitted to using the data for themselves or to leverage a new job. What are a few precautions you can take to prevent this from happening without limiting your staff from getting their work done?

• Establish policies that clearly state that former employees are not allowed to access confidential company data.
• Hold an exit interview, and have their paper AND electronic documents checked.  This includes thumb drives, cell phones, iPods, and other mobile devices.
• If you know someone is going to be leaving, pay a little more attention to network activity and email activity if possible.
• When the employee has been terminated, be sure they cannot get back into workstations and servers.  Reset passwords and ban accounts.  It's not a bad idea to have an IT professional check to make sure there isn't any remote access software running on their workstation.
• Set up access permissions on your server.  Data should be compartmentalized; staff should only need to access the data that they require for their job.
• Run encryption on file servers, and hide folders from those that shouldn't see them.
• Utilize strong login passwords and require them to be changed separately.  Your IT professional can set it up so the network forces you to change your password regularly.

Some less hands-on measures:

• Eliminate CD and DVD  burners.
• Manage USB access to block or limit thumb drives
• Limit access to printers

You can also utilize data loss prevention tools that can help monitor email, stop USB ports from being used, and control printing, among other layers of protection that will help keep your confidential data from getting out. Are you concerned about data theft?  Give us a call and we'll help you come up with a solution that works well without locking your staff out of their work.