Learning From WikiLeaks
If WikiLeaks’ unauthorized release of more than a 250,000 sensitive computer files is not a wake-up call to companies about the need to proactively protect confidential information, than nothing is. The WikiLeaks phenomenon — the existence of an organization devoted to obtaining and publicly releasing large troves of information the U.S. government would prefer to keep secret — illustrates just how vulnerable our data security is.
While WikiLeaks serves as the ultimate example of how a breach occurs, most companies won’t learn their lesson until they experience an incident themselves. In fact, a recent Forrester survey of 305 security and e-mail professionals revealed some eye-popping statistics:
• One in three companies investigated a breach of confidential data last year.
• One in four companies experienced an “embarrassing” leak of confidential information.
• One in five e-mails contains a legal, financial or regulatory risk.
What You Can Do
Sensitive data is everywhere. Recent studies by security firms have shown several trends that might prompt ag retailers to rethink how they protect confidential information at their operations. Here are four lessons/trends you can learn from:
- Knowing is only half the battle. A company’s intellectual property is no longer just represented as tangible products, but it’s also the intangible, digital assets like customer data, client lists, and merger and acquisition plans. Ag retailers should consider conducting a companywide intellectual property audit to generate a list of proprietary business information assets they want to protect. But knowing what these assets are is only half the battle. To better protect them, many companies are investing in new Data Loss Prevention technologies that promise to keep “tabs” on where sensitive data is going, who is using it, where it is being saved and whether or not it is being protected or used appropriately.
- Mobile workers pose an increasing threat to business data. According to a Symantec study, Website blocks based on corporate policies get triggered 35% more often by workers when they are on the road, compared with being in their office. And as more and more ag retailers take their laptops, smartphones and other mobile devices into the field, the risk of malicious attacks that exploit these devices will increase next year. To shield as much data as possible from potential hackers, security experts recommend limiting the resources that these devices can access inside the firewall.
- Social media concerns in the workplace are on the rise. A 2010 Trend Micro study found that social media use in the workplace has risen from 19% to 24% in the past two years, and it is not hard to predict that number will continue trending up. Furthermore, concerns about data loss events related to social media continued to rise over the past 12 months. According to a Proofpoint study, 53% of respondents were highly concerned about the risk of data leaks through a social networking site. Social media use is growing at an even greater pace in our industry. Results from a 2010 CropLife Media Group survey showed adoption among ag retailers rose 24% from 2008. While monitoring social media use in the workplace may not be a high priority for most ag retailers, it’s certainly an area they should keep a closer eye on than in the past.
- E-mail remains a serious threat. A new report from on-demand security software vendor Awareness Technologies finds that e-mail services are increasingly responsible for a growing number of data breaches. Awareness Technologies studied significant data breaches that occurred at more than 10,000 customer sites and found that most of the “insider” breaches were a result of employees either being malicious, untrained or gullible. So does your ag retail operation have an e-mail policy? If not, it’s time to create one to ensure employees have the necessary guidance as to the use of the company’s e-mail system, and to inform them of prohibited conduct.