WikiLeaks-Style Data Downloads: Is Your Business at Risk?

Disgruntled. Soon to be laid off. Starting their own firm. In desperate need for cash.

Employees steal data for all kinds of reasons — it’s surprisingly common. And while no one wants to think that someone on their team would steal sensitive information, striking a balance between protecting your information and maintaining a productive environment is just good business.

So what steps should you take to protect against data downloads?

First, think about the data that could hurt your business if it were stolen. You’ve probably locked down human resources and financial data for the obvious reasons, but what about the data your sales team uses? Sales personnel need access to work content like proposals and client lists to do their jobs well — limiting access will only slow them down, of course. Yet these proprietary details are key to the success of your business.

Second, think about protection in tiers. Start with what’s easiest and most cost-efficient and work your way up until you’ve reached the point where “the cure is worse than the disease.” A word of caution: don’t hop away from certain steps just because they’re hard. Avoid them only if they’re overkill for your particular business.

Here are some steps you can take yourself:

1. Write out a clear policy that defines acceptable use of company information. Update the policy as needed, and have employees sign it every year to show that you’re serious. Include items such as never sharing your password with other employees (Leapfrog has a template you can use — just ask us.)

2. Have employees password protect their sensitive files.

3. Limit access to your network when people are working remotely. Most thefts occur when no one is watching and often when employees are off site.

4. Run credit checks periodically. In addition to standard pre-hire background checks, look for problems with debt every couple of years. Most people steal for financial reasons, including those who would never do so unless their backs were against a wall.

Here are some steps your IT team can help you take:

5. Organize your data into security groups that limit access. And go beyond the typical one or two levels because that’s usually not enough. Don’t worry: security groups won’t impact productivity if they’re set up well, and gray areas can be identified, discussed and managed in advance.

6. Disable the ability to use external hard drives (including USB drives) or send large email attachments.

7. Install anomaly detection software or other policy enforcement tools. If you work with extremely sensitive data, you can use auditing software that records activity on your network. This works like the software your credit card company uses to spot unusual or major purchases on your account so they can notify you. This solution can be quite costly, however, and more than most businesses need.