What We Can Learn from the Edward Snowden Case

Earlier this year, an American IT professional working for the National Security Administration (NSA) contractor, Booz Allen Hamilton, managed to steal information about a massive United States surveillance program. Edward Snowden instantly became a household name warranting mixed feelings. While some people felt that his actions were noble in exposing the government’s spying action, others detested his action and saw it as a form of treason.

In either case, Snowden fled the country with thousands of highly-classified government documents. In the essence of the story, the Snowden fiasco pertains to your business as well as your personal life. While Edward Snowden definitely uncovered holes in the federal government’s ability to secure data, he also illuminated the need for more aggressive and ongoing data security for businesses.

Key Questions Designed to Assess Risk

1. Are you aware of who has what data and where they store it?
2. Can you search your corporate drives, printers, and computers for information that should be secured automatically?
3. Is it a practice of the business to store secure information in unsecured storage spaces, such as thumb drives, cloud storage, printers, or file cabinets?
4. Is there an updated, retention policy and published records that everyone in the organization adheres to?

Simply put, if you didn’t answer “yes” to every question, you need to take some type of action. Practically everyone is at risk for a data breach to some extent. If your business employs someone who is determined to steal trade secrets, the employee will try everything within their power to reach their goal. The only way to effectively thwart these types of practices is to develop an ongoing strategy that evolves with your business.  The following information provides an easy ongoing strategy to begin to secure your data.

Protect the Fringe

Mobile security, print security, physical file storage, and cloud security are all considered to be “fringe” elements. When developing a data security plan, you must include security for these fringe elements. Everyone has walked to the printer noticed someone else’s print job idly sitting on the printer. At that point, you could have read the document or simply left it there. In either case, it could have contained very sensitive information that no one was supposed to see. The following three steps address solutions to this very common problem.

1. Secure your sensitive documents in a repository and restrict the access, which will prevent the document from ever being printed in the first place.
2. Use a secure print solution that will prevent documents from just sitting on the printer. Only the authorized user can trigger the printer to begin printing the document while they are standing there.
3. Monitor documents being printed for certain keywords. As the last level of defense, some software is designed to contact authorities if particular keywords are found.

Permissions

Even though Snowden wasn’t a full time government employee; he was a contractor and had access to very sensitive information that wasn’t necessary. Does everyone who has access to sensitive information need it to do their jobs? Are you aware of everyone that has access to sensitive information? The best practice is secure dynamic end-user permissions that will not prevent an employee from performing their duties. The overall goal should be to find the perfect mixture of deeply instituted security, highly customized rights and permissions, and a focus on the front end user’s ease of use.

Locate and Secure Your Data

Everyone would like to think that their data is stored in a secure password protected location, but that is rarely the case. In reality, there are possibly loads of information stored everywhere within the four walls of your organization. Because of the propensity of this problem, few companies ever address it. However, finding your lost data is simplified with an enterprise search tool. These tools are excellent at performing automatic sweeps of computers and networks for the data that you just cannot afford to lose, such as customers social security numbers.  Check with someone who has a cyber security degree to learn some more about how it works.

What Was Learned from Edward Snowden Case?

Edward Snowden showed the venerability of the NSA, which uncovered potential breaches in every organization. To prevent this from happening to your business, you must be committed to finding, securing, and tracking all sensitive data.