YOU DON’T KNOW WHO HAS ACCESS TO IT
Outsourcing has become more prevalent in today’s business world. At the same time, the number of access points to our data has increased at pace. Several prominent data breaches in recent years were traced back to a third-party vendor, such as what happened to Goodwill and Jimmy Johns. In 2016, we saw numerous instances of outsourced payroll service data breaches that resulted in identify theft and fraudulent tax returns, including one which affected a Maryland-based construction company.
As author James D. Burbank pointed out in “Threat’s Identity: How an Outsourced Workforce Can Harm Your Cybersecurity,” the “outsourced workforce has become one of our primal threats.”
Hopefully, your employees have received training on handling your company’s data, but have your outsourced workers received the same training? Do those work-from-home employees use access tools that meet your company’s security requirements? You can’t secure it if you don’t know who has access to it.
YOU DON’T KNOW WHAT THEY’RE DOING WITH IT
In 2014, SCMagazine published a piece on a report from Globalscape entitled, “Employee file sharing practices put corporate data at risk, study finds.” A survey of 500 company employees found that “63 percent of employees use remote storage devices to transfer confidential work files, 45 percent of employees use consumer sites such as DropBox, and 30 percent of employees use cloud storage services.”
Two years later, the trend continues, as reported by Business News Daily. At the same time, a survey by Softchoice found that “one in three cloud-app users has downloaded an application without consulting IT.”
If your employees are using personal cloud-based storage services and perhaps portable devices to transfer data in and out of your network, you have a security problem. I often find this is a result of a failure to communicate between employees and IT staff. It’s the responsibility of IT staff to make certain employees have the tools they need to do their jobs competently and comfortably, and it’s the employee’s responsibility to ask IT for the tools they need rather than working something out on their own.
If your habit is to “Just Say No” to employee requests, you may find that your employees are making end-runs around your security measures and putting company data at risk. You can’t secure it if you don’t know what they’re doing with it.