It seems that the data security landscape is constantly changing. Every day, new threats arise and fresh best practices emerge to keep companies at the forefront of protecting sensitive information. PKWARE’s staff of experts in data security share their thoughts in our blog, highlighting the most current topics on data security, management, and reduction. Check back frequently and join the conversation.

Data Security Solutions Must Cover Remote Workers

Posted by on in Data Security

The increasing mobility of today's workforce is both a blessing and a curse. While productivity levels can climb off the charts, security stances tend to degrade the further employees stray from the central office. In fact, a series of high-profile incidents have suggested that it is these remote workers who should be the primary audience IT teams have in mind when rolling out new data security solutions.

According to a recent poll of 1,000 office workers conducted by cybersecurity awareness firm PhishMe, home-based employees could be the weak links that motivated cybercriminals target first. Only 15 percent of employees felt safer from email-based threats when working away from company headquarters, with approximately half explicitly fearing an elevated risk when accessing business assets from home.

"Some employees falsely believe that their role isn't important enough for a hacker to attempt to spear phish them,"  PhishMe CTO Aaron Higbee told Techworld. "If the attacker's main goal is to simply obtain access to an internal network, they won't discriminate. Everyone is a potential target."

Small gaps, big risks
In a guest column submitted to USA TODAY in the wake of The New York Times and Wall Street Journal hackings discovered earlier in the year Higbee suggested that the aforementioned lateral attack strategy was likely at play in those breaches. By exploiting the data security defenses of just one employee out of thousands, cybercriminals were able to gain the access they needed to smear the reputation of the two targeted publications and walk away with information of potentially significant political consequence.

In Higbee's opinion, however, there was too much emphasis placed on the antivirus software vendor blamed for the initial oversights at the the two newspapers. In reality, companies stand little chance of deflecting each and every malicious network access request. What IT teams do to secure assets in these contingency scenarios is likely much more important.

As the PhishMe research confirmed, at least a limited number of employees can be compelled to click on malicious links or unwittingly supply privileged information to attackers - particularly those cloaked in the disguise of an IT department email address. With that said, protecting sensitive data may be more about mitigation than absolute prevention. By employing data encryption software, managers can effectively nullify the functional value of any file which accidentally finds its way into enemy hands.

Tagged in: Cyberattacks Data Encryption Data Protection Hacker

Comments

  • No comments made yet. Be the first to submit a comment

Leave your comment

Guest Wednesday, 02 October 2013