As a small business owner, you may think you’ve taken steps to keep your sensitive data private, but it may be more at risk than you realize. In fact, your customer data, payroll data, banking information, email communications and more may fall into the hands of those it shouldn’t — and all because of sharing files.
When files are shared online in the cloud, there are a number of points of weakness that make those files vulnerable to falling into the hands of third parties, as this graphic shows:
Click to see full-size file-sharing graphic
Online security company Symantec has created the above graphic to illustrate just how vulnerable your confidential company information and sensitive customer data may be.
Symantec’s Senior Manager of Emerging Cloud Products, Anthony Kennada, says:
“Employees are increasingly adopting unmanaged, personal-use online file sharing solutions without permission from IT, part of the broader trend of the consumerization of IT in which the adoption of online services for use on personal mobile devices blurs the lines between work and play. These early-adopter behaviors – like those driving the use of file sharing technology – are making organizations vulnerable to security threats and potential data loss.”
Symantec’s graphic illustrates a number of risk factors that may lead to your company’s confidential data finding its way into the wrong hands. Let’s look at some:
- Mobile devices: Symantec found that 54% of employees are now relying on mobile devices for line-of-business applications. Employees may be using their own phones or tablets due to the BYOD (bring your own device to work) trend, and it can be difficult for companies to control data that is accessible by mobile devices. In an earlier report, we learned that the average loss for small businesses that experience a mobile security breach is $126,000. Using remote wipe or lock-down capabilities over mobile devices is something more small businesses should be doing.
- Competitors: Competitors getting access to your data is another worry. If you’re thinking James-Bond type corporate espionage, well … look closer to home. It’s much more likely to be an ex-employee passing data to a competitor. More than half of employees who stole intellectual property, did so by using email, remote network access, or network file transfer to remove the data. And most of those employees stealing your data had already accepted a job with a competing company or started their own company when they removed the data. You need to have clear employee policies in place, and take a tough stance to set an example in the case of theft.
- Cloud vendors: Another concern is that many cloud storage and sharing services don’t allow companies to instantly remove access or wipe information once an employee leaves, so ex-employees may still have access to sensitive data. When evaluating cloud vendors, look for such capabilities. Also, consider that rogue employees in a cloud vendor company may hold the key to your confidential data. Look at how much the vendor emphasizes data privacy and security. In small startup vendors, in particular, security may be lax and a large number of vendor employees and contractors may have access to your data.
With more and more businesses using the cloud, it’s more important than ever to consider your practices and make sure that your company’s data is secure. Adds Kennada:
“Security is still your responsibility when you move to the cloud, both as an individual user or as business owner. So don’t abandon your responsibilities when you make the move.”
So, does this mean you should never share your files in the cloud and keep everything offline? No. In this day and age, that’s just not realistic. But what it does mean is that you shouldn’t take security for granted. Look at all the potential points of weakness outlined in the above graphic. Be sure you have taken steps to minimize loss at each point.
What Kennada says is true. Mobile users are using their own solutions for data storage and security which may not be approved by their IT department. There was a story last year in Minnesota of a contractor who left his laptop in his car. He had the information of thousands of patients on his laptop — something that should have been taken care of by IT governance. His laptop was stolen out of his car and his data was left in the hands of who knows who. Data security policies need to be enforced and secured.