The massive scale of the recent cyberattacks in the retail industry have overshadowed another equally concerning source of data theft: unencrypted files stored on laptops and USB drives.
Jan 22nd, 2014
The massive scale of the recent cyberattacks in the retail industry have overshadowed another equally concerning source of data theft: unencrypted files stored on laptops and USB drives. According to eSecurity Planet, losing devices, such as laptops, was a leading cause of data breaches in the last few months, a problem that is potentially very costly for businesses.
Laptops, USB drives and other devices are not secure enough for company data
Criminals have a much greater motivation to steal corporate devices than just benefiting from the potential gains from the cost of the hardware. By stealing laptops, people often gain access to troves of company information, including customer identity information that comes with a high ticket price on the black market, the source noted. In fact, the theft of a 12 dollar USB drive could result in million-dollar losses.
"Whether or not, in a particular instance, a thief was looking for the data on the machine," ESET Senior Security Researcher Stephen Cobb told eSecurity Planet, "the fact that there is this market in name, address, Social Security number, phone number, credit card data and so on, makes the loss of a device which has got that data on it all the more potentially damaging."
For example, Horizon Blue Cross Blue Shield lost thousands of members' data when several laptops were stolen from its offices in November, CBS reported. Although the laptops were password protected, the files were not encrypted.
Secure file sharing necessary to prevent data theft
Losing devices like laptops and USB drives would not be so concerning if the thieves were not granted immediate access to sensitive information. Instead of relying merely on password-protected files or devices, it's essential for businesses to safeguard their data with solutions like secure file sharing and managed file transfer services.
Services that are designed to offer the highest level of protection for company data without sacrificing accessibility can encrypt information and store data outside of portable devices. That means employees can access the information on laptops and other devices without creating local copies that thieves acquire when they steal the machines.
While there are a number of strategies companies can employ to keep their data safe, it's important to provide alternatives to high-risk services like Google Drive or Dropbox. Additionally, security processes must by augmented by clear, enforced policies and protocols. The eSecurity Planet report noted that employee error, such as neglecting company data procedures, was the second leading cause of data breaches in the last few months. Secure file sharing services must be convenient and simple to use so that employees are less motivated to resort to shortcuts.