As is obvious from seemingly incessant news reports of data breaches, businesses often do not adequately protect all of the information that they should be securing. In fact, in November 2015 the Office of the Director of National Intelligence estimated that espionage perpetrated through hacking costs businesses in the United States $400 billion per year – certainly not a small sum of money. Interestingly, however, security professionals commonly discover that many businesses that do, in fact, expend significant resources on information security still neglect to adequately shield some of the data that should be better protected. Here are some prime examples:
Every business other than a self-employed individual has employees, which, by definition, means that it possesses sensitive information related to human resources. While most people realize that payroll data and other records containing personal information must be protected, many folks neglect to afford proper protection for communications regarding performance on projects and other materials that could be highly damaging to a firm if they leak. Such HR-related information may exist in all sorts of formats, and hackers can exploit it to social engineer their way into an organization. Also, consider the damage to morale and staff productivity if HR data leaks – such adverse effects are often christened “indirect damage,” but, direct or not, they can certainly be quite costly to a company’s top and bottom lines. Furthermore, when a business seeks to hire new people, how many stars will want to join a firm that they know has leaked private information about prior employees?
In reality, “the cloud” simply means “computers belonging to someone else;” organizations leveraging cloud technology effectively outsource some portion of their information infrastructure to third parties who typically handle the data of multiple clients on the same equipment. As such, any sensitive information transmitted to and from the cloud, stored in the cloud, and/or utilized in the cloud, is at risk, and must be adequately protected. Furthermore, in general, it is unwise to rely on cloud storage providers to encrypt one’s information; encryption services offered by such firms typically force users to rely on providers’ keys – so a system breach within their organizations could lead to a criminal accessing client data even without having to steal the client’s decryption keys.
Many organizations…