How do you protect your sensitive business data in a working-from-home world?
Part 1.
The problem has existed since the invention of business itself, but in the work-from-home world we live in now, the question of how to protect business data is once again top of mind.
With staff working from home, it is inevitable that they will end up with sensitive business data stored in an uncontrolled environment, either on their own computer equipment or on company-owned equipment with few protections.
In my career I have had the opportunity to see and understand how large, highly secure government departments handle this situation. In the most extreme example I was invited to see how one of the most technically advanced federal government organisations in this country operates. I am not allowed to tell you who they are, but I can tell you that they fall under the banner of National Defence. Now, what I got to see was strictly controlled; it’s not like they were giving away national secrets or anything, but the purpose of my visit, along with the other attendees, was to get an idea of what it takes to truly achieve data security; security in the sense of only allowing authorised people to access said data.
What I learned was this: it really is not possible to fully secure your data unless you are prepared to go to extreme lengths. I’ll tell you soon how the unnamed government department did it, but first let’s look at some of the basic concepts at play.
Just about every business generates confidential data. In some cases that data is very private and personal in nature, such as medical and financial records, and in other cases there are trade secrets to worry about. No matter what it is, it is up to the leaders of each business to do their best to protect that data. There are laws now that make it mandatory for a business to report any breach or suspected breach of personally identifiable information. Let’s start with the basics: how do we prevent unauthorised access to this data?
Identity management
At the most basic level, data is protected by a user name and password combination, so it’s been drilled into us for the last 25+ years: “Don’t ever give your password to anyone else.” Passwords combined with that message of secrecy served small business well for a very long time, but in this connected world of ours it’s no longer enough, so some bright spark invented multi-factor authentication (MFA). User names and passwords are things that a user knows; MFA adds an extra element, something that they have, often in the form of a random, ever-changing number. It’s not really possible to guess what the number is going to be at any given moment. In this way MFA expands on Identity Management by requiring the user to both KNOW something (their password) and simultaneously HAVE something (their MFA app or token).
For most businesses a properly implemented MFA system is good enough protection to prevent unauthorised people from accessing their data.
The threat from within
The real problem for businesses today is not so much about protecting their data from attack by external forces; we’ve got some pretty good systems to prevent the bad guys from getting in. But what about your own staff?
More specifically, what about disgruntled staff and soon-to-be ex-staff members? What’s to stop them from copying your sensitive business information?
About 15 years ago I was attending a Microsoft seminar where they were talking about the latest and greatest technologies that they were working on. They were talking about some new tech which allowed controls to be set on electronic documents and emails which limited what could be done with them. For instance, you could create a Word document but set it so that it was impossible for someone to print it, email it or copy it to another location like a USB stick; even screenshots were preventable. The audience was amazed: now all of a sudden those in control of super-sensitive documents could have even greater control over how they can be used. The amazement abated pretty quickly as one savvy audience member pointed out that all this great tech couldn’t stop someone from taking a photo of the protected document, and it certainly couldn’t stop someone from simply re-writing the protected document in a brand new unprotected document.
This experience taught me that we can create some pretty cool tech to protect data for the good guys but the bad guys will always find a way to get around any restrictions which are put in place. The moment you make a document or any other data available to any other person is the same moment that you permanently and irrevocably lose control of that data.
The disappointing reality is that there are no practical steps you can take to prevent a disgruntled employee from copying and doing as they please with your sensitive business data. The best you can do is make sure you have a legally enforceable agreement with your staff, usually as a clause in an employment contract, which prohibits them from misusing company data.
How the pros do it
Now that I’ve just finished telling you how it’s impossible to properly protect your sensitive business data, I probably should qualify that statement by adding the word ‘practical’: for the typical Aussie business, there is no practical way to fully protect your sensitive business data. With staff working from home it is easier than ever for them to make copies of sensitive data, but the threat has always been there, regardless of where they work from.
There is one completely impractical way to do it that I know about. The most sensitive data in the world is kept in a dedicated facility with strict access controls. The facility that I was lucky enough to see looked much like any other office once you were inside, but with a few key differences. Before entering I had to pass through a security checkpoint. At this checkpoint I had to surrender all electronic equipment; they even took a pair of sunnies I had hanging off my shirt collar. There was an armed guard. They checked my shoes and they patted me down after passing through a metal detector. I was not allowed to take anything in with me, not even a pen and notepad. Once inside I saw a series of standard-looking desktop computers set up in little cubicles, arranged in such a way that only the person sitting in front of any of the computers could see the monitors. There were cameras everywhere watching us. We didn’t get to use the computers or go anywhere near them, but we were told that they were connected to a segmented network that was only accessible from within that room; of course, that network was not connected to the internet. When we left the room we were searched again before our mobile phones and other items were handed back to us. Was it secure? You bet your ass it was secure, but was it practical? Not a chance. Could you imagine even trying to implement security like this for a typical Aussie business?
Coming up in part 2 of this article we’ll explore some practical policies and procedures that you can implement to help your business cope with staff who use their own devices (BYOD) for work.