It’s common for workers to store business data in a range of formats and locations, but this can be a cyber risk without the right IT security controls.
There’s a growing threat of data breaches to UK businesses, with 65% of large firms experiencing a breach in the past year, according to the Cyber Security Breaches Survey 2016. It’s therefore vital for all firms to take steps to protect their data from hackers, accidental loss and theft via strong IT security controls.
The trouble is, it can be difficult for some organisations – such as knowledge businesses like private equity firms – to know exactly what to protect. Their problem is that a lot of customer data, business intelligence and intellectual property tends not to be stored in a single central database, but spread across lots of different documents and devices. For example, mission-critical data of a private equity firm may be stored in a PowerPoint file, and for a law firm it might be within the body of an email.
A serious breach won’t just affect one kind of file or one storage location, either – the recent WannaCry attack that infected businesses worldwide is an example of malware that was able to infect a wide range of file formats and devices, just as long as the devices themselves were running an unpatched and outdated version of Windows.
The uncontrolled spread of information across all of these different formats and locations is called unstructured data and can be problematic to secure for the following reasons:
Whilst there is nothing inherently wrong with storing sensitive and regulated data in a Word document or as a PowerPoint presentation, there needs to be security in place to prevent those from being opened or edited by an unauthorised user, or ending up in a location where they might be at risk.
This can be particularly challenging when employees are inclined to save, copy and share their files in an insecure way – using personal cloud storage accounts, their laptop hard drives or USB sticks which can be lost or stolen, for example. (If this sounds familiar, it may be time to invest in a new cloud document management system.)
Furthermore, one of the most common ways employees send and share files with one another and their clients is simply attaching them to an email. Whilst this is convenient and quick, it’s all too easy for users to make mistakes like sending documents to the wrong email address – which, within just a few seconds, could compromise business security and confidentiality, and even lead to potential legal issues.
Unless you have a document-level security solution in place or controls to prevent the sending of confidential data via email, this common business tool can therefore be a major source of cyber risk.
The ubiquity of Office applications like Word and Outlook has been beneficial for many knowledge businesses, as it makes them familiar to most employees off the bat – as well as compatible with a wide range of both business-owned and personal devices. This means it’s common for employees to access documents from their smartphones, for example, or take them home to work on remotely (which brings with it a welcome productivity boost).
However, this increases the risk of device loss or theft leading to a data breach, as well as other remote-working threats like the sending of files over unsecured Wi-Fi networks where they can be easily intercepted. As such, security controls are needed to ensure the inclination to work remotely isn’t a source of to cyber risk – whether that means introducing remote device-wipe functionality or more document-level security controls like encryption.
Find out how your business can protect itself against these cyber security risks by requesting a free IT audit below.