Do you find yourself asking if your business faces a threat from data loss, malware and hackers? And what these risks have to do with you?
Sadly, for legal firms and corporate legal departments that handle massive amounts of confidential data, the threat of breach due to human error is ever-present. In fact, this represents the biggest risk to your data and potentially having it exposed.
Each person within an organization holds the power to threaten or enhance the company’s data security. Awareness is an easy way to help mitigate risk and help ensure that a data breach doesn’t happen on your watch.
Here are three common — but still often taken for granted — ways data is put at risk.
Internal data leakage
Data leakage occurs when an organization’s information is transmitted without authorization. Typically, data leakage at law firms and legal departments will fall into one of three categories: confidential information, intellectual property or customer data.
While not all internal data leakage is intentional or malicious, even inadvertent leaks can be a serious liability.
According to an Intel study, nearly 43 percent of serious data loss incidents could be traced to an internal user. Of those, half were accidental.
So, how does it happen?
According to the study, internal leaks were more likely to happen using physical media. A misplaced USB drive or an unsecured laptop is all it takes to suffer a data loss.
The good news? Once you’re aware of how these leakages happen, you can take simple steps to help prevent them:
- Avoid USB and external drives, and embrace your company’s enterprise-grade file-sharing tool to access documents when you’re on the go
- Always make sure your laptop is encrypted and stored securely
- Establish internal audits, monitoring and logging of user activity
- Prioritize training and awareness campaigns to embed the message in your workforce.
Shadow IT
Free technology can make life easier. You love it, you’re comfortable with it and it’s easy to use. As a fellow consumer, I get it.
But, as an IT professional responsible for safeguarding a business, you must stop using free software for work.
Shadow IT, sometimes called stealth or client IT, is any technology that is used within the business without the knowledge, support or approval of IT. It may be a messaging app, free file sharing solution, digital notebook or handy password keeper.
While these solutions may seem like an easy, harmless way to enhance productivity, they can cause more problems than they solve.
Technologies that exist outside of the approved IT structure can:
- Introduce network security threats, including viruses and malware
- Cause gaps in regulatory compliance
- Suffer data and productivity loss if the service goes down or is unavailable
- Silo knowledge and hamper efficiency efforts.
If you use and can’t live without a program outside of what is approved by your IT team, ask them about it. Your IT team can evaluate and raise concerns if necessary, but if all is well, they may be able to give it their seal of approval and encourage company-wide adoption. Then you get to be the tech hero that introduced the next big thing.
Weak passwords
You’re tired of hearing about this one, and we’re tired of talking about it. Even so, weak passwords remain a big threat to data security, so here we are again, talking about passwords.
Every IT professional can sympathize with your plight when it comes to passwords; they’re hard to remember and you need way too many of them. In fact, it’s estimated that the average business user has 191 passwords to remember, but uses the same selection of four to seven unique passwords over and over.
While your IT department can set password requirements and implement periodic resets, they can’t force you to select a unique, strong password. Twenty percent of passwords are considered ‘weak’ and can be cracked in under 4 minutes, so when you set your password, give it the weight and consideration it deserves as a gateway to your businesses’ valuable data.
Quick password tips:
- Use passwords that are more than 8 characters long
- Use a combination of upper- and lower-case letters, numbers and special characters
- Don’t use words in the dictionary
- Update your password every 90 days
- Enable 2-factor authentication whenever it is available.
Michael Hall is the global head of information security for HighQ, an industry leader in providing collaborative cloud software to law firms and corporate counsel. He is a highly experienced information security leader with a strong commercial, technical, consulting and compliance background. A former U.K. government CLAS consultant with extensive experience in the assurance and assessment of government infrastructure and systems, Hall is a senior manager experienced in leading numerous successful security and IT transformation programs across multiple sectors, advising C-level executives on strategic security initiatives and helping them navigate complex global regulatory compliance landscapes.
Original link: https://www.lawtechnologytoday.org/2018/11/are-you-a-data-security-weak-link/