In December of 2014, a new study, “Corporate Data: A Protected Asset or a Ticking Time Bomb?” from the Ponemon Institute found that employees have excessive access to company data, presenting a growing risk to these organizations.
Their findings led to the revelation that there is a significant lack of oversight and control over which employees have access to confidential, sensitive data and how that data is shared. They also found confusion among staff as to what their responsibilities are in protecting company data. Companies that do not make data protection a priority typically have a difficult time staying within compliance standards.
University Hospitals recently found out what kind of disasters can ensue when a rogue employee accesses sensitive data. A hospital worker gained unauthorized access to 692 patient files over a three-year period. This employee acquired not only patient names, home addresses, phone numbers, email addresses, and medical and health insurance account numbers, but also credit and debit card numbers and some social security numbers.
The worst part is that it could take up to two years for the dust to settle and the book to be closed. According to HIPAA regulations, professionals have to be brought in to assess the situation, determine if any fraudulent activity is taking place with the patient information, and help remedy any damages. The hospital must also notify the affected patients, publicly disclose the breach, and pay up to $50,000, depending on the investigation findings.
Whoever said, “You can’t have your cake and eat it too” was lying. Productivity does not have to suffer if security within the organization is increased. The Ponemon Institute study found that in the past year, 67% of IT practitioners said their organization tightened access to company data because of security requirements or concerns, and out of those respondents, 78% said stricter access has not had an impact on productivity.
Security solutions include monitoring and access control software or services, encryption tools, mobile device management, and virtual desktops. Encryption software offers several ways to protect your data: encrypting files, securing passwords, monitoring hack attempts, and shredding files so that deleted files remain unrecoverable.
Monitoring, meaning regular surveillance of your systems, can be performed in-house, by a service provider, or by automation. Many companies are making the move to having a service provider monitor their systems because it frees them up to focus on their business and their clients. The service provider contacts the company if there is a problem, but handles the detection and resolution of the issue itself.
Access control segregates users by groups or permissions, permitting access only to specific information and applications. Gaining access requires the authorization, authentication and audit of every individual. Access controls allow a designated administrator to secure information and set privileges for each individual within the company by controlling what information can be accessed, who can access it and at what time it can be accessed.
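The access-control model described above (who, what, and when, with every attempt audited) can be sketched as follows. This is an added example, not code from the Ponemon study or any product mentioned here; the group names, resource names, users and time windows are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, time

# Constructed policy: group -> (resources it may access, permitted hours).
POLICY = {
    "billing": ({"insurance_account", "card_number"}, (time(8, 0), time(18, 0))),
    "nursing": ({"medical_record", "contact_details"}, (time(0, 0), time(23, 59, 59))),
}
# Constructed directory of authenticated users -> group membership.
USERS = {"alice": "billing", "bob": "nursing"}


@dataclass
class AccessController:
    audit_log: list = field(default_factory=list)

    def check(self, user: str, resource: str, when: datetime) -> bool:
        """Allow only if who, what and when all pass; audit every attempt."""
        group = USERS.get(user)
        entry = POLICY.get(group)
        allowed, reason = False, "unknown user or group"
        if entry is not None:
            resources, (start, end) = entry
            if resource not in resources:
                reason = "resource not permitted for group"
            elif not (start <= when.time() <= end):
                reason = "outside permitted hours"
            else:
                allowed, reason = True, "ok"
        # Denied attempts are logged too: they are what a reviewer looks for.
        self.audit_log.append({
            "ts": when.isoformat(), "user": user, "group": group,
            "resource": resource, "allowed": allowed, "reason": reason,
        })
        return allowed

    def denied_counts(self) -> dict:
        """Audit review: number of denied attempts per user."""
        counts = {}
        for rec in self.audit_log:
            if not rec["allowed"]:
                counts[rec["user"]] = counts.get(rec["user"], 0) + 1
        return counts
```

Reviewing `denied_counts()` on a schedule is the audit step: a user who repeatedly requests data outside their group or hours shows up long before the pattern runs for years.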
A Virtual Desktop Infrastructure (VDI) delivered through Desktop as a Service allows you to deploy individual desktops that are preinstalled with the software, applications and tools you want and need, without requiring dedicated IT staff or the resources to manage them. A VDI is a customizable, centralized approach to the desktop, which can be designed to allow certain employees access to sensitive information while restricting access for others. Endpoint firewalls can be set up to provide a great first barrier for protecting your system and data from inside attacks or negligent snooping. Updating firewall configurations is quick and easy because you can make changes in real time to all VDI sessions instead of having to update every session individually.
Many breaches come from mobile devices being lost or stolen. Through VDI and other mobile device management software, you also have the ability to dictate which devices have access to the company desktop and data. If there is a device that you do not recognize or one that you no longer want to grant access, you can simply and remotely remove that device from the list.
Another great feature is the ability to lock down which applications are allowed on the desktop. This keeps out applications that are not properly configured, which can provide easy entry for hackers, as well as applications that include malware or spyware.
A VDI setup can help protect your company from outside and inside security risks while improving productivity by allowing 24/7 employee access to real-time company data on approved devices, automatically installing and updating software and applications across all devices at the same time, and providing collaboration tools.
Any, all or a combination of these solutions can significantly help protect your business and its sensitive, critical data.