Negligent staff forcing companies to look to dedicated corporate policies to protect confidential information
Employee negligence poses a serious threat to the security of corporate confidential data, according to over half the respondents in the Worldwide Security Products survey conducted among major global companies by the research agency IDC in February 2013. The companies identified this as a priority for 2013, and intend to work towards developing and implementing policies to ensure a responsible attitude to confidential information.
“It is essential that all employees, irrespective of their status in a company, understand how their misguided actions (innocent or unintended) can impact their organisation,” said Kevin Bailey, Research Director, EMEA Software Security Products and Services Policies, IDC. “Policies that control access, movement, and communication of data in a secure and understood manner will be needed by organisations.”
Ensuring compliance with security policies for confidential information within the company is, to a large extent, the work of the legal department and security services which jointly develop, implement and monitor compliance with such rules. However, even when proper policies are established in the company, there is always a risk of data loss due to human error – employee negligence or lack of awareness. This is indirectly confirmed by other data in the same survey by IDC: as well as recognising the need for information security policies, about 36% of companies express serious concern about the growing number of mobile clients and uncontrolled devices such as smartphones, tablets and laptops. Preventing leaks of confidential data concerns 41% of the companies surveyed.
Although there is no shortage of specialised technology solutions for protection of confidential information on the market, the powerful Kaspersky Endpoint Security for Business platform, which manages coordinated protection of the corporate infrastructure against malware, ensures maximum security for sensitive information and effectively prevents data leakage.
Secrets remain secrets with Kaspersky Lab data-protection technologies
Corporate policies to protect sensitive data are most frequently violated when employees use their own removable media for work purposes. These very devices are often the vehicle in which confidential information leaves the company without authorisation.
Removable media may also introduce malicious software which, after it penetrates the corporate network, can eventually lead to data leakage or even more damaging consequences.
Kaspersky Endpoint Security for Business integrates several advanced technologies aimed at protecting the company’s data. First of all, it offers two levels of file encryption – File/Folder Level Encryption and Full Disk Encryption. Using the Kaspersky Security Center management console, the network administrator can establish common rules to encrypt certain types of files/folders and drives according to industry standards, rendering the data unreadable outside of the company’s IT infrastructure. Sensitive information cannot be seen regardless of whether the security policy violator is an insider or the confidential information was taken outside the company accidentally.
Removable media owned by members of staff could introduce malware onto the corporate network, which might then allow cybercriminals to gain remote access and steal confidential data. A range of Kaspersky Lab tools significantly reduce the risk of this happening. They include such technologies as Automatic Exploit Prevention, Anti-rootkit and Dynamic Whitelisting, which can combat even unknown threats effectively.
Lost smartphone is not equal to lost data
The increasingly popular trend of using personal mobile devices for business purposes also runs counter to the principles of safeguarding sensitive data. Not only are these devices more likely to be infected by spyware, there are also dozens of incidents every year involving leaks of confidential data as a result of lost smartphones or tablets full of corporate secrets.
Available as a standalone specialized product or a component of Kaspersky Endpoint Security for Business, Kaspersky Security for Mobile includes an extensive list of features that allow quick, easy and secure integration of the employees’ personal devices into the corporate infrastructure. In particular, the solution offers encryption capabilities for sensitive data and remote removal of data, even if a lost or stolen smartphone is used with a new SIM card.
No matter how strict the corporate policies for security of sensitive data are, there always remains a chance that they may be violated because of the employees’ actions. Kaspersky Endpoint Security for Business has the technologies to neutralise or minimise the negative consequences of such incidents.