Internal Threats to your Data

A portable hard drive that contained personal information of more than half a million Canadians “disappeared” from the Gatineau office of Human Resources and Skills Development Canada.

The 583,000 Canadians whose information was “lost” were Canada Student Loans Program borrowers. The information included their names, social insurance numbers, birthdays, contact information and loan balances. It also contained information about the borrowers’ parents, siblings and spouses, which could conceivably increase the number of people impacted to two million plus.

Whether the “loss” was malicious or inadvertent, the Canadian government now joins many private businesses in learning the hard way that a major threat to data comes from within.

There are a number of factors that make internal data compromise difficult to address.

• Unstructured data lacks adequate controls: unstructured data is stored outside business applications and can be viewed outside the core business systems. This causes security issues because audit trail controls no longer apply.

• Most enterprises have huge volumes of unstructured data: often the excessive amount of unstructured data is due to poor organization of unnecessary and outdated files.

• Sensitive data is not readily identifiable: due to large volumes of data it is difficult to identify the small subset of sensitive data that needs to be safeguarded.

• It’s easy for data to travel: with staff email and access to the Internet, with file-sharing sites, with tiny data storage devices, the transfer of data out of the organization is extremely simple.

To address the unstructured data leakage risk, enterprises must have strong data governance and management controls in place. These controls are necessary to reduce the volume of unstructured data and to identify and control the most sensitive information.

Comments are closed.