Even if cyber-attacks and data breaches regularly make news headlines, many Los Angeles distributors could benefit from a better understanding of how and why data leakage occurs.
In addition, while distributors are exposed to the same threats as many other enterprises, they may have more data at risk. End customer and reseller account details with weak or non-existent security can provide openings for attacks.
You Can’t Fight Fires with Just One Extinguisher
Data leakage and fire have a lot in common. The means to fight fires, fire extinguishers need to be properly placed throughout a company’s premises. Having just one extinguisher in customer reception is insufficient, especially if a fire breaks out in a loading bay at the other end of the site.
The same thinking applies to effective mitigation of data leaks. Solutions need to be implemented to cover the enterprise as a whole: think site-wide sprinkler systems but in a virtual rather than a physical sense.
Where Does the Leakage Start?
Data can escape from your distribution company in any of three unauthorized ways:
- External attacks. These often get the most publicity.
- Insider attacks. Disgruntled employees and ex-employees or infiltration of personnel by third-parties including service companies make this a major threat as well.
- Operational carelessness. These cases can include losing a USB memory stick with confidential data or accessing company data through public Wi-Fi.
Preventing Confidential Data from Leaving the Building
Effective mitigation tactics against data exfiltration, as leakage is also called, include IT and network security tools as well as appropriate behavior and policies.
- Employee information security awareness and training. If they have to choose, hackers prefer targets with tight technical IT security and sloppy employees, rather than the reverse because insider carelessness opens up so many easy ways into the system.
- Least privilege security policies whereby access to confidential data is given only to those who need to know in order to do their jobs and even then only up to the level necessary.
- Correct use of data loss prevention (LDP) capabilities already built into applications such as Microsoft Office (“Password to Open” function) and Adobe Acrobat and Microsoft Access (“Encrypt with Password”).
- Dedicated DLP software to analyze network communications and identify data such as pre-defined keywords (like “Company confidential”), alphanumeric sequences typical of account numbers, and corporate email addresses. Upon identification, certain DLP applications then warn or block the transfer. This capability can be used on transfers between PCs and thumb drives as well.
- Thin client systems help to avoid leakage by giving the end-user a window into the system, but ensuring that all actions are taken on a central server, and avoiding any storage of confidential data on the user’s PC or mobile computing device.
- Application proxy firewalls that examine all levels of network traffic to reveal any suspect commands or packet code hidden by hackers for surreptitious attacks on data centers.
- Virtual private networks (VPNs) to secure communications between your users and servers, preventing snooping by third parties.
- Data encryption to render useless any data that does find its way out of your systems.
To prevent data leakage, some Los Angeles distributors go as far as disabling CD drives and USB connections for memory sticks on company PCs.
Are you in favor of such a policy or do you think there are other more appropriate options? Give us your point of view in the Comments section below.
To follow up on the tips in this article, download your free guide, How COOs at Los Angeles Distributors and Manufacturers Get More Done: A Guide to Productivity, Data, Staffing, Delegation, and Making It Home for Dinner Most Nights.