

Data security and protection

publication date: Aug 7, 2006
The rise in data security breaches and trade secret piracy over the past year is a wake-up call for executives—network security is not enough for estate agents. Incredibly, 1 in 400 messages leaving a company contains confidential data and 1 in 50 files on an open share (a folder where anyone on the network can add, delete or change files, without needing a username and password) is exposed.

I believe that the threat posed internally is just as great as at the perimeter.

Over the last few years we have seen an increasing number of internal network threats in the industry. These range from specific spear phishing attacks, disgruntled employees or mismanagement in a ‘get the job done’ approach, right down to intellectual property going out on a device attached to the network. Spear phishing attacks are particularly prevalent within the industry. Spear phishers send e-mails that appear genuine to employees or members within the company, organisation, or group. The message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources, or the person who manages the computer systems. It could include requests for user names or passwords.

The truth is that the e-mail sender information has been faked or “spoofed.” Whereas traditional phishing scams are designed to steal information from individuals, spear phishing scams work to gain access to the company’s entire computer system. Any employee who responds with a user name or password, clicks links, or opens attachments in a spear phishing e-mail, pop-up window, or website risks becoming a victim of identity theft, which puts them and the company at risk.

Internal staff still believe that the corporate network and company data are theirs to use indiscriminately. Of course organisations need to allow employees the flexibility to enjoy their roles, but with access control, monitoring and blocking applied to company data. It’s important to remember that this is the responsibility of the organisation itself - not everybody has the company’s best interests at heart.

Let’s look at data and how you can protect it in more detail.

Data in Motion 

Large agencies that run a network across their branches and head office need more than network security and access control to guard confidential data. Client lists, financial information and personal details are particularly sensitive. The organisation must protect the data itself. A good start would be to look at the three key elements of data visibility and control – namely:

  • Where is your confidential data?
  • Where is the data going?
  • What do you do once you find exposed confidential data?

Look at solutions that offer encryption visibility and control. This will secure ad-hoc intellectual property and business communication, such as account details, using an encrypted email system. It gives you the ability to conduct business electronically while ensuring compliance with regulations such as the EU Data Protection Directive and GLBA.

With encryption visibility and control you will know exactly where your confidential data is going. I have worked with many organisations to help them deal with this problem. I always recommend secure messaging integration to provide encryption visibility and control in four areas:

  • Monitor and prevent information sent over encrypted email and web channels
  • Automate and enforce policies for information that must be sent encrypted
  • Detect unauthorized use of desktop encryption
  • Safeguard Employee Privacy. You must comply with international monitoring and prevention by protecting the privacy of your employees

Data At Rest – Protect your brand and reputation

Agents need to reduce the frequency and severity of both inadvertent and malicious data loss incidents to protect brand and reputation, safeguard customer data, protect intellectual property, and demonstrate compliance. IT security is evolving and solutions are becoming much more sophisticated. To manage data at rest, choose a solution that discovers exposed customer data residing on shared file servers, web servers, and desktops. Make sure the solution automatically quarantines or deletes this information. Just as important, however, is preventing customer data from leaving the network. For example, when an employee planning to work at home attempts to send a customer data file to their Yahoo! mail account, make sure you can block the transmission, unless the individual is authorised to do so.

Remember, data is your property. It is your responsibility to protect it and manage it well.

BEW Global

BEW Global (www.bewglobal.com) has developed a holistic approach to assist organisations with their information protection and network security solutions. Centred on ISO 27001, an internationally recognized security standard, BEW Global provides a framework which includes services and relevant products to help organisations achieve regulatory, compliance and security initiatives. With offices in the major regional commercial markets including Europe, North America, and the Pacific Rim, BEW Global provides a truly integrated global perspective on data protection and network security.