Best Practice Steps for Safe Data Sharing
Written by Steph Charbonneau, Senior Director of Product Strategy at HelpSystems
Digital data is everywhere. You only have to look at how much data is transmitted over the internet on a weekly, daily, hourly, or even second-by-second basis to understand just how much data is being shared. In fact, at the start of 2020, the amount of data in the world was estimated to be 44 zettabytes. Given how much data is created every day, pundits predict that this will likely increase to 175 zettabytes by 2025.
As employees and businesses, we are constantly sharing information. Likewise, the number and variety of entities and individuals we share that information with have grown exponentially. This sharing is no longer restricted to the perimeter of our own businesses; it now extends to partners, suppliers, customers, prospects, and influencers around the globe.
Consequently, the challenge for most organisations now is: how do we share data easily, quickly, yet also securely?
More Regulation, More Data Breaches
The good news is that there is more regulation to govern data, requiring organisations to protect it from unauthorised access. However, the bad news is that there are also more data breaches occurring. And if your data is vulnerable to cybercriminals or even to human error, unfortunately you need to be prepared to pay. According to a study undertaken in 2020 by IBM, the global average total cost of a data breach is now estimated at $3.86 million.
Layer on top of this the reality that many employees will continue to work remotely yet still need to securely collaborate from anywhere, and you can quickly appreciate how the risk is escalating with this extended attack surface.
However, it is challenging to find a solution that is capable of handling file sharing or the secure sharing of confidential information on a regular basis. Often it can be hard to trace what happens to that information after it has been shared, or to identify whether the information should be shared in the first place.
Prevent Unauthorised Access to Sensitive and Confidential Information
Organisations must therefore implement the appropriate measures to prevent unauthorised access to sensitive and confidential information. They also need to prevent the accidental loss or deletion of any confidential data. UK public sector organisations make it easier for employees to understand what constitutes confidential information that needs to be protected, as most have some form of Protective Marking System in place that highlights the sensitivity of the information and the action employees need to take.
However, private sector organisations don’t typically have such policies in place, and this can often leave employees unsure about what constitutes sensitive or confidential information. It is therefore important that organisations establish a culture of security whereby employees are trained on how to appropriately classify, handle, transfer, and delete any such data. Employees also need the right tools and technology to do this efficiently, proactively, and securely.
Take a Risk-based Cybersecurity Approach
In deciding the most appropriate way to do this and the level of security required, organisations should take a risk-based approach. For example, when sharing confidential information, the employee must ensure the recipient understands why the information is being shared and the circumstances under which it may or may not be shared. They also need to ensure that any further handling of the information is secure. This applies whether it is being shared with someone inside or outside the organisation.
When dealing with external parties, businesses need to understand what data they will need access to and why, and ultimately what level of risk this poses. Likewise, they need to understand what controls such parties have in place to safeguard data and protect against incoming and outgoing cyber threats. This needs to be monitored, logged, and regularly reviewed, and a baseline of normal activities between the organisation and the external party should be established.
Layer your Data Security Solutions
Here at HelpSystems we advocate taking a layered approach to data security that starts with understanding and classifying your data and identifying what information needs to be protected. Here data classification tools are critical to ensure that sensitive data is appropriately treated, stored, and disposed of during its lifetime in accordance with its importance to the organisation. Appropriate classification protects the organisation from the risk of sensitive data being exposed.
But inevitably employees will accidentally send sensitive data to the wrong person or transfer an otherwise “safe” document that contains hidden metadata that could compromise the organisation. Any number of scenarios can put an organisation at risk unless it has a solution in place to detect and sanitise data in real time, before a breach occurs. Organisations therefore need to detect and prevent data leaks, and this means ensuring that documents uploaded to and downloaded from the web are thoroughly analysed. To do this effectively, they need an integrated Data Loss Prevention (DLP) solution that removes risks from email, web, and endpoints, yet still allows the transfer of information.
After you’ve ensured your data is identified and classified, scrubbed of potentially sensitive data, and approved for sending by authorised users, it needs to be sent or transferred securely. This can be achieved by email encryption or, where there are large volumes of data, through a managed file transfer (MFT) solution.
And finally, to secure confidential data whenever and wherever it travels, Digital Rights Management software provides organisations with the ability to track, audit, and revoke access at any time by encrypting the data with a unique key that is secured via a cloud platform.
Layering data security solutions is a proactive approach to protecting your confidential and sensitive information. Data security is only as robust as the various elements that support it. Tiering proven solutions to ensure your sensitive data remains secure from start to finish will help you to avoid any data compromise – and the financial and reputational costs that go with it.
If you are interested in finding out more about specific use cases around best practice for sharing sensitive data, please download our guide.