With the BYOD trend in full swing, make sure that you have data policies in place and that your staff know what information can and can’t be sent from company or personal devices, especially when it comes to email.
Take, for example, when former US Vice President Dick Cheney was scheduled to visit the hospital. Apparently George Washington Hospital came close to a data leak which could have had national implications because someone from the Secret Service sent an unencrypted e-mail.
“The Secret Service sent an e-mail to those coordinating the visit to inform us about which route they would take through the building, including which elevators,” says Amy Hennings Butler, assistant director, security systems operations at George Washington University (GWU). That kind of sensitive information should not be sent through the Internet, especially as a clear-text email.
GWU managed to dodge the leak only because it had installed a data-leak prevention product from Reconnex, which triggered an alarm.
“The DLP system responded to some of the text, as well as the lack of encryption, which allowed IT administrators to block the message,” said Butler. “The agent who sent the email most likely violated the Secret Service’s own data security policies, but it was the university’s security that caught it.”
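The check Butler describes combines two signals: sensitive wording in the message and the absence of encryption. The sketch below is an added example, not Reconnex's product logic or anything from the original article; the watch-list terms, the sample message and the function names are assumptions.

```python
import re
from email import message_from_string

# Hypothetical watch-list (assumption); real terms come from the organisation's policy.
WATCHLIST = [re.compile(p, re.I) for p in (
    r"\broute\b", r"\belevators?\b", r"\bmotorcade\b")]

# Constructed sample message, not a real e-mail.
CLEAR = """From: agent@example.gov
To: coordinator@example.edu
Subject: Visit logistics
Content-Type: text/plain; charset=utf-8

The route goes through the east lobby and uses elevators 3 and 4.
"""

def is_encrypted(msg):
    """True for a PGP/MIME (RFC 3156) or S/MIME enveloped-data container."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":
        return True
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        kind = str(msg.get_param("smime-type", "")).lower()
        return kind in ("enveloped-data", "authenveloped-data")
    return False

def readable_text(msg):
    """Subject plus every text/* part, with base64/quoted-printable undone."""
    chunks = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            # ASCII watch-list terms survive a lossy UTF-8 decode.
            chunks.append(raw.decode("utf-8", "replace"))
    return "\n".join(chunks)

def evaluate(raw_message):
    msg = message_from_string(raw_message)
    text = readable_text(msg)
    hits = [p.pattern for p in WATCHLIST if p.search(text)]
    encrypted = is_encrypted(msg) or "-----BEGIN PGP MESSAGE-----" in text
    if hits and not encrypted:
        action = "block"    # sensitive terms in a clear-text message
    elif hits:
        action = "review"   # terms visible outside the encrypted body, e.g. Subject
    else:
        action = "allow"
    return {"action": action, "encrypted": encrypted, "hits": hits}

if __name__ == "__main__":
    print(evaluate(CLEAR))
```

Decoding the transfer encoding before matching matters: a base64-encoded text part is still clear text on the wire, and a scan of the raw bytes would miss it.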
Social media, YouTube videos and company blogs may all be worthwhile, but you always run the risk of someone mentioning classified information. This also includes emails and texts from both company and personal devices.
Make it clear what information can and can’t be shared with the general public, and when it comes to sending colleagues messages, make sure all devices are up-to-date with the latest anti-spyware software of your choice.
Furthermore, it might help to have a policy in place to outline company procedures when a violation takes place.
The FBI has suggested on more than one occasion that being lenient with employee access to classified data only provides opportunity for stealing. “Limit the right to open or use company files, storage facilities and computer data only to those who need it.” That way, if data does get stolen, finding the culprit will no longer be akin to finding a needle in a haystack.