The desire for the availability of our data is unquenchable. The technological innovation which this need inspires yields continuous development of ever evolving solutions with the express purpose of ensuring our data accessibility independent of time or place.
As our work habits evolve to effectively take advantage of this wide array of product offerings, our ability to appropriately safeguard our data becomes more and more difficult. Worse, consumers frequently throw caution to the wind in lieu of ease of access.
The trouble is that many, if not all such consumers are also business users and the very controls which we implement to protect corporate data are continuously challenged by user behavior and a tenuous understanding of what is at risk.
On the Go and At Risk
A glance around any coffee house, airport or conference center results, inevitably, in observance of more than a few individuals accessing their data remotely. They busily check corporate email, transfer files and tweet their status without a second thought as to the security of their wireless connection or who may be looking over their shoulder -- each firmly believing that the probability of their being individually targeted for identity theft or cyber-attack is unlikely.
How many devices have been left unguarded in empty seats? How strong is their enforced password/PIN control? How well is your organizational media handling policy really being adhered to?
When laptops first became popular, users claimed that local password controls and operating system security mitigated the risk of data transported beyond the physical confines of their office environments. Nevertheless, according to the Privacy Rights Clearinghouse, year-to-date, over 470,000 records have been breached as a result of lost or stolen laptops.
When Dropbox first came out, users claimed that the invitation only method mitigated the risks posed by its public-facing storage repositories. Then, in August, Dropbox notified thousands of users of breached account credentials and email addresses.
More recently, the use of employee owned smart phones and tablets, commonly referred to as Bring Your Own Device (BYOD), has gained popular attention for its potential of data leakage. In fact, those concerns are well founded. Despite statistics identifying increasing malware threats among other concerns less than a fifth of smart phone users employ anti-virus or other security software to protect themselves.
The Weakest Link
The trouble is that in near every case, the strength of the technical control employed to protect sensitive data is reliant on responsible media handling and the strength of user passwords. Whereas many corporations require best practice media handling in policy and further enforce best practice password controls, unfortunately, many still do not.