MAKING TECHNOLOGY WORK
How CEOs Can Fix Data Sprawl
It’s 2014. Do you know where your data is?
By Heinan Landa
After the resignation of Target’s Gregg Steinhafel and the company’s significant stock drop following the security-breach incident, we all know more than ever that protecting company data is a C-level imperative. If customers don’t trust that their information is safe at your company, they will stop buying from you. However, to protect your company’s data, you need to know where, exactly, it is—which, in an era of data sprawl, is more difficult to discern than it sounds.
Data, Data, Everywhere

Even when a company’s corporate network is protected, whenever employees take files home on laptops, tablets and smartphones or share them using services like Dropbox, they are disseminating data. Mobile devices used outside the corporate firewall are prime targets for remote data theft by cyber criminals. Not only can data residing on a mobile device be accessed, but communications between mobile devices can be accessed when the data is in transit. Additionally, unprotected home PCs and laptops provide easy access to corporate data. In essence, mobile devices and file-sharing solutions that have not been secured are gateways into corporate networks, where hackers can steal proprietary information and confidential, personal customer data.

This data sprawl exposes your company to significant risk. Plus, because your data is everywhere, your IT resources can no longer manage content in accordance with company—or government—compliance obligations.

Statistics suggest that this is a bigger issue than most companies realize. Eighty-nine percent of IT professionals surveyed by Dimensional Research reported that their mobile devices are connected to corporate networks. Sixty-five percent said that they allow employees’ personal mobile devices to connect to corporate networks.

Mobile devices are increasingly under attack. The 2014 Symantec Internet Security Threat Report stated that 38 percent of mobile users have experienced mobile cybercrime in the past 12 months, with unprotected personal tablets and laptops being favored entry points. At the same time, more and more consumers are conducting financial transactions on mobile devices. Over the 2013 holiday season, more than 40 percent of all e-commerce was done on mobile devices.

24 / CHIEFEXECUTIVE.NET / NOVEMBER/DECEMBER 2014
When, What and How to Share

Creating a file-sharing policy is critical to protecting your company’s data. Employees must understand that they cannot store, share or distribute work documents through nonsanctioned file-sharing solutions on company-owned devices or any hardware that connects to the company network. Your corporate file-sharing policy should clearly define the types of file-sharing platforms that can be used (or not), devices on which file-sharing platforms can be used and files that cannot, under any circumstance, be shared through file-sharing platforms.

Implementing a secure, company-controlled file-sharing solution is the only way to completely protect your organization. When you begin assessing what you want in an internal file-sharing solution, consider the following:

• Are there any compliance standards that must be met?
• What kinds of devices do the files need to be shared with?
• Do your employees need to be able to send colleagues links to files and folders for collaboration?
• What other needs must be addressed?

Just this past June, hackers broke into the credit and debit card systems at Albertsons and SuperValu, two of the nation’s most popular grocery stores. It will be interesting to see how this most recent breach affects leadership at these organizations.

The bottom line? Now, more than ever, CEOs need to be aware of and involved in all aspects of an organization’s security. A security breach on your watch can send your company—and your professional reputation—on an irreversible downward spiral.

Heinan Landa is the CEO of Optimal Networks (www.optimalnetworks.com), a Rockville, Maryland-based IT company that works with CEOs to provide comprehensive and strategic IT support, management and consulting services.