The exposure of thousands of classified documents by whistleblower website WikiLeaks has been dominating the news lately. While it’s unlikely that your organization is trading military secrets, we believe there are lessons that companies of every size can take away from the WikiLeaks story.
Here are 3 (low cost) security practices that every company should have in place:
1. Have an Acceptable Use & Non-Disclosure Policy for Employees
We’ve written on this blog before that your company should have an Acceptable Use Policy – WikiLeaks reinforces the point.
Today, the Pentagon banned the use of all removable media on their networks in an effort to prevent future data breaches. While such reactive measures are clearly warranted in this case, companies should give consideration to such issues before they arise.
Your policies should include clearly defined guidelines on items such as:
- The removal of company and/or client data from the work premises
- Remote access to corporate networks
- What information can / cannot be communicated via Email
- What information can be shared vs. what information is considered confidential
Acceptable Use and Non-Disclosure agreements work to protect sensitive company information while setting clear expectations around appropriate use by employees.
2. Conduct Regular Reviews of Folder Permissions
Companies should conduct a regular review of folder permissions on shared network drives to ensure that access rights are current and correct. As files get added, it is easy for sensitive information to get saved to unsecured network locations, exposing the information to unauthorized users. If you are running a Windows Server, there are tools available for conducting audits of file & folder permissions.
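One way to run such a review with the cmdlets built into Windows PowerShell, shown as an added example that is not part of the original post: it walks a share and writes a CSV of the entries a reviewer should look at first. The share path, the report file name and the list of broad groups are assumptions to adjust for your environment.

```powershell
param(
    [string]$Root = '\\fileserver\shared',          # hypothetical UNC path; replace with your share
    [string]$ReportPath = '.\folder-acl-review.csv' # hypothetical report file name
)

# Assumed starting list of broad groups; extend it for your domain.
$broadPattern = '(^|\\)(Everyone|Authenticated Users|Domain Users|Users)$'

$findings = New-Object System.Collections.Generic.List[object]
$folders  = @(Get-Item -LiteralPath $Root) +
            @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)

foreach ($folder in $folders) {
    try {
        $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
    } catch {
        # A folder the auditing account cannot read still belongs in the report.
        $findings.Add([pscustomobject]@{
            Path = $folder.FullName; Identity = ''; Rights = ''
            Inherited = ''; Note = "ACL unreadable: $($_.Exception.Message)"
        })
        continue
    }

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $identity = $ace.IdentityReference.Value

        $note = $null
        if ($identity -match $broadPattern) {
            $note = 'Broad group has access'
        } elseif ($identity -like 'S-1-*') {
            # An unresolved SID usually means the account was deleted.
            $note = 'Orphaned SID (deleted account)'
        } elseif (-not $ace.IsInherited) {
            # Explicit entries are where a folder departs from its parent's permissions.
            $note = 'Explicit (non-inherited) entry'
        }

        if ($note) {
            $findings.Add([pscustomobject]@{
                Path = $folder.FullName; Identity = $identity
                Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited; Note = $note
            })
        }
    }
}

$findings | Sort-Object Path, Identity | Export-Csv -Path $ReportPath -NoTypeInformation
```

Keeping each run's CSV and comparing it with the previous one shows what changed between reviews.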
3. Have a Defined Data Protection Process for Employee Departures
A recent study indicated that 30% of departing employees would take company data with them. It is essential that companies have a well-defined process for dealing with departing employees, and re-securing their data and networks. This process should include documented access rights, and required password changes upon departure to close any potential access points.
This isn’t groundbreaking advice by any means, but WikiLeaks is as good a reason as any for every company to reevaluate their security practices, and consider simple changes to better secure their corporate data and networks.
If you would like some expert advice on implementing security measures in your business, Ask Us – we’d love to help.