Everyone is fair game for hackers these days. Some of these pesky intruders are after client lists, some of them intellectual property, and some of them just enjoy the challenge of breaching a supposedly secure network. More than likely, most of them engage in this illicit behavior because they will somehow manage to monetize their findings. Unfortunately, hackers are not the only reason that a lot of company data is misappropriated. In many instances, data leaks occur due to a company’s own negligence and/or the irresponsible actions of employees. Here are five ways that company data may become inadvertently exposed and some tips on circumventing these possible lapses through secure document sharing:
1. Inadequate Passwords
The whole point of requiring people to create a username and password in order to log into a program or application is to limit access to the site and protect the information that is saved there. But, this purpose is defeated if company personnel use the same password for a bunch of different accounts. Sometimes, in an effort to save money, companies may have one login and password for a particular account that is shared by several employees. This is also unwise because it can be hard to keep tabs on who has access, and thus increases the likelihood of this information getting passed around too much and possibly falling into the wrong hands.
SecureDocs Tip: Passwords have to be diversified across platforms, and they must never be shared with colleagues. Employees also must not use passwords associated with personal accounts for any work-related accounts. In addition, companies should implement multi-level security measures for passwords, such as two-factor authentication. This may entail entering a second code that can be sent via text message to a secure device or the creation of a unique pin for each user.
2. Indiscriminate Device Usage
Most employees probably put their work email on their smartphone and/or a tablet, and it is common for colleagues to communicate via text or online chat. This obviously makes communication and collaboration quick and easy, but it can spell serious trouble if sensitive information is conveyed via one of these non-secure mediums.
SecureDocs Tip: It is a company’s responsibility to train its employees on the importance of protecting data and to provide mechanisms for doing so, such as issuing work-specific devices or utilizing highly secure cloud computing services. As convenient as it may be to shoot a quick text, there are other ways that employees can collaborate efficiently without subjecting data to potential compromise.
3. Improper Saving
It is always tempting to save a document to the desktop because, let’s face it, that is usually the easiest and fastest place to find it later. Of course, this is probably the worst place to save documents that contain sensitive information or ones that must be used by multiple individuals within the company, as the item may be lost if the particular computer is stolen or damaged.
SecureDocs Tip: Companies can make it easy for employees to save important documents by implementing an online repository. Ultimately, confidential data has to be saved in a secure location, whether that entails a specified drive on the company network or within a secure virtual data room.
4. Inappropriate Sharing
In addition to saving important documents in the right location, they must be shared with others using the right tools. There are some free services like DropBox or Google Drive that may be appropriate for documents that do not contain confidential information. And, in some cases, it may be okay to share a document through email. However, for anything of a sensitive nature, these methods are definitely not recommended because the transmissions are not encrypted and the security in general isn’t that tight, so if someone manages to intercept them, the information will be exposed.
SecureDocs Tip: An online repository isn’t just useful for safely storing documents, it is an incredibly handy vehicle for securely sharing items as well. And, some data storage services take privacy rather seriously, implementing additional security measures such as watermarking, encryption, disabled printing, and the assignment of permissions-based roles.
5. Insufficient Security Mechanisms
This issue actually encompasses a range of potential issues, and in many cases, they occur because a company fails to make data security an integral part of its training and culture. For example, employees may forget to logout of their various accounts on a computer, leave their laptops open and in plain view when stepping away from them, or fail to adhere to a company password policy.
SecureDocs Tip: The importance of data security must be a regular part of company discussions and instilled in the employees. There must be a clear data security strategy that is communicated to employees verbally and in writing, and it must be clear that compliance is not just suggested but mandatory.