Where is Sensitive Data Being Shared in a Remote Workflow?
Our team has always focused on securing data and helping companies find the data that needs to be secured. One of the greatest challenges that we, as an industry, face is the recent move to remote work. Most companies have relied on facility-wide cybersecurity measures to keep secure company data inside the defended cyber-perimeter. Your company’s local network can be more locked-down and defended from sensitive data leaks than a disperse network of remote employees. And yet, here we are with a new remote workflow and the need to adapt swiftly to the new requirements.
Part of this is keeping track of sensitive data, not just where your business stores it but anywhere it might be shared between or from remote employees. Remember that team members communicating with each other or clients have the potential to accidentally or incautiously share sensitive information with those who were not intended to see it.
Even more risky for the long-term is the very high possibility of sensitive data communications being stored and archived in an overlooked and non-secure fashion. Hackers needn’t even access live communications if they can reach unprotected archives or files that contain the sensitive information they seek. Today, we’re highlighting the many places where sensitive data might be unsecurely shared as part of a remote workflow.
The first place to look and secure is your cloud-based document sharing. While local network files can be secured using on-site data controls, cloud documents follow different rules. A cloud document exists separate from the company local servers and access is defined based on account authority. If an employee’s account is authorized to access the file, they can touch base, read the content, and write changes.
However, these shared documents are often rife with highly sensitive and personal information that may not be closely monitored. There is an especially high risk of unsecured cloud files if all files were very quickly shared online or recently scanned into the cloud-sharing interface.
You will need to programmatically identify sensitive data in your collection of cloud-shared documents and make sure these files are properly secure. Access-control is usually the best way to protect cloud-shared documents, limiting both who can open the files and monitoring who accesses or attempts to access the files containing sensitive data.
Employee Chat Discussions
The single most overlooked archive of sensitive data for most modern companies is generated from inter-office communications. Employees talking to employees about company business creates a never-ending bounty of content that frequently includes sensitive data. Discussing customers, projects, and coworkers can all reveal key or even harmful information that the company is responsible for.
Because employees must communicate and logs are frequently created, companies must take responsibility for securing the sensitive information contained in employee chat. Emails, chat logs, and call transcripts all fall under this category. It is essential to both keep accurate records and lock-down access to what might otherwise seem to be benign files. Do not overlook your communication logs, instead scan them for sensitive data and choose a security strategy.
Team Video Meetings
The recent publicized zoom-bombing attacks have spotlighted a new security concern: video meetings. Outside of traditional office communication, the video meetings that now dominate remote workflows are actively being targeted by hackers. The flashy, childish hackers who disrupt meetings are simply the most visible. Wherever those appear, there are other, more focused hackers who have their eye on sensitive data to use or sell. Video meetings create an entirely new channel for corporate espionage and data-theft can occur.
Start by securing your meetings and locking out uninvited attendants. Use trustworthy, secured software and know how to report any detected hacking attempts. Also monitor the text content of each call, both the chat-channel and any transcript created. These may create both readable files and archives that could be secured or harvested.
Video meetings often include file-sharing and presentations. These, too, might be the target of hacker interest if they include sensitive company information. Scan and secure any files shared on video meetings and records created after the meeting is closed.
Along the same trend, be aware of sensitive data in customer communication. When talking to customer service, your customers are more likely to reveal sensitive information about themselves while accessing accounts and discussing technical difficulties. All customer service communications and any tertiary talk with clients (ex: social media & private messages) should be scanned and secured to keep customer data safe.
It’s also worth noting that the exact process of your customer service could also be targeted. Consider ways to prevent hackers from identifying and mimicking your customer service process.
Email Exchanges and Transactions
Email is so universal that it often escapes a company’s umbrella of cybersecurity. Employees alternate between work and personal emails. Some employees handle a dozen email addresses, sometimes one email address can connect to dozens of employees who might answer. Role-based accounts, spam-catcher accounts, filtration accounts, and work-used personal accounts all need to be monitored for sensitive information.
Help your employees limit the possible exposure of sensitive information by using specific tools and accounts to share information via email. The more convenient you make the secure channels, the more likely employees will default to using them.
SMS and App Communications
Complete your data-security audit with a look at mobile communication. SMS is another uniquely external channel that is often overlooked. However, if any sensitive information is texted to or from customers through your SMS services, this could be an unseen security gap if not scanned and locked-down.
Likewise, communication that happens solely through mobile apps can slip the net. Consider any app your team uses or customers have used to connect with the company. Any of these logs could include sensitive information that should be secured or deleted, based on what is necessary for each app.
Working with a remote team requires a new layer of cloud-level security. In order to secure your company’s sensitive data, you must first be aware of it. Contact us today for more on the tools and strategies needed to scan and secure sensitive data in your remote workflow.