Have you ever accidentally attached the wrong document to an email? It's certainly embarrassing, and unusually easy enough to fix. However, what if that document contains confidential information? That accidental data leak could become a major problem. Now, what about your staff? Everyone makes the occasional mistake, and some team members may not be as careful as you'd like. Below are a few ways that your staff might be inadvertently sharing confidential information.
Stepping away from their workstations
Whether preparing a financial report for investors or reviewing a sensitive corporate document, when that document is open on a computer, anyone in close proximity can see it. What happens when the individual steps away for a few minutes as we all occasionally do? The document is even more vulnerable to nearby snoops. At a minimum, a password-protected screensaver that activates with a keyboard combination or kicks in after a short idle period can prevent this. If the person only needs to view the document, consider using a data room with one-click privacy blinds.
Failing to redact sensitive information
Just how much information needs to be given? Some would say the bare minimum. However, if the minimum necessary is contained within a document loaded with sensitive information that should not be disclosed, someone needs to redact that data. Does your staff know how or when to do this? Do they have access to tools that make redacting a simple matter? Or do they simply share everything?
Sharing files via email or with a collaboration tool that doesn't limit access
Email and file sharing tools like Dropbox are loved for their convenience. However, sharing sensitive data via email or any file sharing tool that doesn't limit access is problematic. Recipients will be able to download the document and have it on their device, which may or may not be secure (see below). Additionally, some file-sharing tools sync files to all registered devices- making several copies of your business's sensitive data available for download.
Saving documents to the wrong destination
Electronic documents can be stored in any number of locations including a staff member's local hard drive, an encrypted folder, a portable USB device, a network-attached storage device, an online data room, an online file-sharing service, and so on. While you may have created a secure folder or online repository for sensitive corporate documents, these solutions can't possibly protect those documents if they are saved to the wrong destination. One way to prevent this problem is to be sure staff are properly trained in your company's procedures for secure document storage.
Accessing files from non-secure devices
It's not uncommon for employees to check their email on their smart-phones, tablets, and other portable electronic devices. Most of these devices don't have the robust security measures available to computers. And these devices are commonly lost or misplaced. If a staff member has downloaded sensitive info via email on their smartphone, for example, anybody who picks up their phone could access that data.
Understanding how accidental leaks occur is the first step in preventing them. Many of these problems can be avoided by having a plan in place for secure data access and storage, and by using a secure online data room to store your most sensitive corporate documents.