Data breach gives Morrisons food for thought

By Phil Barnett, VP of Global Accounts, Good Technology

This week, UK supermarket Morrisons confirmed that one of its employees was behind the data breach of confidential information on employee salaries and bank account details.

This is unlikely to be the sole instance of sensitive data being leaked by an employee. While companies can do as much as possible technically to avoid data being leaked, it is vital to educate employees about data security risks as well.

Many habits developed in personal device use are a liability for enterprises – which makes employees the single biggest security threat in terms of potential data leakage . However, for the CIO, it is not as easy as just implementing a secure mobility solution to keep data secure. As well as implementing a technological change, companies need to roll out a cultural change within the workplace.

Employees must have a better awareness of whether corporate data is secure or not. One of the greatest issues that organisations have to tackle is employees who send sensitive corporate documents to a personal email accounts. Once a document has been ‘leaked’, it is no longer under the control of the organisation, therefore its security can no longer be monitored.

The key reasons employees become data security risks are:

  • Use of unauthorised programmes on corporate devices or hardware – which create gaps through which data can leak
  • Transferring files between work and personal computers for working from home
  • Password misuse – either sharing passwords, or using the same password for corporate and personal programmes

People will always find a way to use the device or application that they want, regardless of the security consequences. For this reason, they must be educated in using technology in a new way that also ensures data security in the workplace.

Some concessions are needed by the enterprise, of course. Familiarity – with the device and apps – is vital and supports the education on safe data and information security practices. If employees are offered a better user experience in a secure way, then they are less inclined to find ‘work-arounds’ anyway. Combined with security guidelines, enterprises can establish secure mobility without exerting heavy controls.

containerised approach to secure mobility does take away many of the opportunities for data leakage. Employees can make the most of a device in their personal time and no matter what they do with, the highly sensitive corporate data will stay securely contained within the device.

To make the most of this strategy, employees need to be enthusiastic about it. Usability and behavioral education are the only way to get this buy-in.

 

https://www.iottechexpo.com/northamerica/wp-content/uploads/2018/09/all-events-dark-text.pngInterested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.

Related Stories

Leave a comment

Alternatively

This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.

dbanes
26 Mar 2014, 10:29 a.m.

Unfortunately a containerised approach won't always work as Phil says "A containerised approach to secure mobility does take away many of the opportunities for data leakage. " There are at least two problems here, one the 'containers' on the device can be breached and the user of the device still has access to the data and that's the weakest link. Loos the device and the bad guys have plenty of time to get at the data,

To be sure there's no data leakage you need to block data that you don't want to leak from ever reaching the device. Solutions like janusNET's janusGATE Mobile sit between your data store and the mobile device and deploy rules based on data classification to block anything from being transferred to a mobile device that could result in data loss.

David Banes.
janusNET Europe.

Reply