Would you be surprised if I told you that nearly 40 percent of all
data leaks within the past three years have happened between January
and April? According to the Open Security Foundation's DataLossDB,
there have been 2,402 data loss incidents reported between 2007 and
2010 and 916 of them happened during tax season,
Coincidence? Maybe…
There is no question that businesses are already transferring
increased amounts of sensitive financial and company information among
partners, customers and third-party consultants to meet the April 15
deadline. But during tax season, there is a question that needs to be
front of mind for every IT and security professional: Who is
transferring what, to whom, when and why?
That is more than one question, but you get the idea.
The stats tell us that data leakage in the first third of the year is
a noteworthy concern and let's face it, security isn't top-of-mind for
the employees in your finance, audit and operations departments.
They know the deadline is around the corner and are going to do
whatever it takes to get their job done – which usually includes using
personal webmail to transfer large, sensitive files and using USB
flash drives to bring balance sheets, customer lists and intellectual
property home with them for after-hours work or to quickly and easily
share the data with an outside consultant.
Security professionals need to be on the lookout for risky file
transfer activity – especially between January and April.
Here are a few tips to help ensure that sensitive information isn't
walking out the door:
Gain visibility and insight: It is impossible to control what you
can't see. Security staff needs complete visibility and context into
all file transfer activity, internal and external, to understand
patterns, identify risks and prevent malicious or accidental leakage.
This visibility needs to extend beyond just employees – including
third-party consultants or auditors that are plugging into your
network, accessing your data and handling business-critical
information.
Create and enforce security policies: Set parameters that meet your
security and compliance initiatives and won't disrupt business and
workflow. Use file-expiration rules to reduce the risk of tax-related
documents being inappropriately accessed – even after they've left
your network.
Use encryption to ensure privacy and confidentiality: Data is most
vulnerable when it is in motion. Make the integrity of all file
transfers non-reputable by using end-to-end encryption that ensures
that the file has not been tampered with while in transit, and ensure
that it reaches its intended recipient without corruption.
Tax season is stressful enough without having to deal with the pain
and cost of a data breach.
Take control and manage the sensitive, tax-related files moving within
and beyond your network and ensure that each transfer is reaching only
the intended recipient.
If you don't have the visibility, it is only a matter of time before
you find out the hard way that an employee in your company sent
something to someone that they were not supposed to. And there is no
refund for the fines associated with a data breach…
No comments:
Post a Comment