Employees do many good things with your data: invent new products; improve processes; help solve customer problems. But employees can also do many bad things with your data. Insiders are one of the leading causes of data loss. Employees can also fail to protect data or conform to data privacy standards like GDPR, leaving you vulnerable to financial penalties. In order to protect your data from misuse by employees, you need to know your data as well as they do.
Insider Threats to Data
Some insider threats to data aren’t deliberate. Employees can share data with the wrong person, or share the wrong file, accidentally. They can be trying to do their job more efficiently and use an unapproved file-sharing service to send a large file to a supplier. They can forget to use the encrypted email option. They can click the wrong link and introduce malware or enter key data into a phishing site.
Other times, malicious employees deliberately steal data. The employee can be planning to leave your company and bring inside information to a competitor, or use it to start up their own business. Employees in financial need can be vulnerable to blackmail and steal PII or other data.
Protect Against Insider Threats to Data
Some information security measures can help protect against these insider threats. Antivirus software, data loss prevention software, and cloud access security brokers (CASBs) all introduce controls to prevent employees from accidentally or deliberately exposing private information. To make controls more effective, however, they need to be deployed where they’re most needed. That requires understanding your data so it can be managed and protected in ways proportionate to the risk. Data Insight and Enterprise Vault from Veritas help you understand and manage data effectively. They allow you to:
• Identify data. There’s a lot of data that’s simply unknown or not understood. Data Insight helps you classify information and assess its risk.
• Automate data retention procedures. Enterprise Vault automates data retention procedures, including deletion of data that’s aged out.
• Audit data access. Use Data Insight to automate user access and entitlement reviews. Data Insight also provides analytics to identify suspicious access to data.
• Comply with GDPR and other regulatory schemes. With Data Insight and Enterprise Vault, you can monitor access to personal data and ensure it’s fully corrected or deleted in response to consumer requests.
A lot of information security planning focuses on the external threats to data. Those are important, but so are the internal threats. By supporting the Veritas tools, along with the Bitglass CASB, VAST IT Services helps our clients understand their data and protect it from misuse by employees. Contact us to learn more about how understanding your data helps you keep it secure.