Pirated data risks: Remote teams need to become a first line of defense
The increasing number of news headlines that mention data piracy, theft and database hacking makes it clear that businesses need to treat data as a valuable asset. This is especially true of businesses with teams that work remotely, as these set-ups usually have fewer security protocols.
Most remote workers are working from their homes, and unless those team members are conscious of cybersecurity, they’re not likely to have intrusion detection systems and firewalls on their personal networks.
That doesn’t mean it’s a hopeless situation, though. Through understanding the risks of data piracy and measures that can be taken to protect against it, your remote team can minimize the chances of your business becoming another statistic.
Increased Threat of Data Theft
According to RiskBased Security’s Cyber Risk Analytics Data Breach Report for 2019, 3,813 breaches that exposed over 4.1 billion records were reported before June 30th that year. Those figures were a 54 percent increase in the number of reported breaches, and a 52 percent increase in the number of exposed records, compared to 2018 figures. Three of the breaches that occurred in 2019 are among the 10 largest on record.
Data thieves are not fussy about the content of the databases they steal. In the right -- or wrong -- hands, data such as corporate business plans, credit card details and personal information are valuable.
While a successful breach undoubtedly makes data thieves happy, it can mean nothing less than devastation for some enterprises. In 2018, Inc. reported that the National Cyber Security Alliance found that 60 percent of small and midsize businesses in the USA closed within six months of being hacked.
Additionally, the National Center for the Middle Market and Cisco found an alarming number of businesses are not protected. The report revealed that 62 percent of respondents’ businesses either had no cybersecurity strategy or their strategy was inactive/out of date.
Remembering that the threat of data piracy can come from inside or outside a business, it’s important that cybersecurity strategies include several components. No matter how good an intrusion detection system or firewall may be, relying on it solely is not wise.
Inside Data Piracy
According to Help Net Security, a 2019 survey found that 24 percent of employees would steal company data if it would help them secure a job with a competitor. Verizon’s 2019 Data Breach Investigation Report revealed that 34 percent of 2018’s data breaches were caused by company insiders.
However, data piracy as a result of the actions of insiders is not always deliberate. According to Kaspersky, 52 percent of business owners surveyed said that human error was the biggest risk to data security.
It may happen because an employee is not exercising due caution, they have fallen victim to a scam or they simply are ignorant of various security risks. For example, they may not be cautious when working on a public Wi-Fi network, don’t change passwords regularly or don’t use a VPN. Another problem could be stolen mobile device or computers. One of the best things managers and business owners can do for their businesses and team is to educate them about the risk of data theft.
Possible Solutions to Inside Data Piracy
The following plan of action offers possible protections and solutions to the threat of inside data piracy:
- Ongoing company-wide training -- Whether done in-person, via video or online, ongoing cybersecurity training should be compulsory for all employees, especially if they work remotely. Training should include information on how breaches happen, how employees can protect themselves and how to protect the company. They should also be kept updated about phishing and other scams, so it’s important to schedule refresher courses. Free courses and training resources are available online.
- Create guidelines and protocols -- Create a document that details the company approach to cybersecurity. It should include points such as how notifications of security issues are communicated, the company’s access security protocols, how employees should respond to various security threats and using a virtual private network (VPN), Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA).
- Encourage a culture of honesty -- Encourage employees to be honest, especially if they know ofor exposed themselves and the company to a potential cybersecurity threat while working remotely. The sooner management is made aware of such issues, the sooner data can be protected, and the breach can be countered.
Protection Against Outside Data Piracy
The following measures can protect against hackers and others who attempt to steal data from outside the company, and they all can be used with remote teams:
- Endpoint security management -- Mobile devices and computers used by employees should be secured with endpoint security measures to protect company assets. That way, any processes they attempt or data they send will be secure. If there is a BYOD policy in place, this is even more critical.
- Password best practice -- Employees must choose strong passwords, which should be over 10 characters long and include a mix of letters, numbers and special characters. Changing passwords routinely should be mandatory.
- Cloud-based encryption software -- If the remote team uses cloud storage for company data, use cloud-based encryption software to encrypt the files that are moved to and from the cloud.
- Network security tools -- Use VPNs and other network security tools for added protection.
- Multi-Factor Authentication -- Your remote team should require more than a username and password to access the network or company files. Implement MFA or 2FA.
Data Protection and The Law
The world is becoming increasingly driven by data, so it’s no surprise that local and international governments are creating, implementing and improving data theft laws and regulations. Data piracy is illegal, as is not protecting data.
In many places, companies that do not protect data are heavily fined. The Consumer Privacy Act of California (CCPA), the modified SHIELD Act of New York, and Senate Bill SB-220 of Nevada are examples of tightening data protection laws in the USA.
Your employees need to know that not only does data theft leave the company vulnerable to potential failure or loss of reputation, it can also have major legal ramifications too. Staying up to date on the latest regulations is something that can be included in training, or outlined in regular staff bulletins.
Protecting data from piracy cannot be left to one or two employees. Instead, it’s something your entire team must participate in. Data has been described as "the new oil" and employees need to understand its value, and why it needs to be kept safe.
Chad Carter, VP Sales North America at WALLIX. Chad has been working in the technology field for over 25 years focusing on enterprise cybersecurity and regulatory compliance in industries ranging from healthcare and finance to manufacturing and retail. With an M.S. in Security Administration, he started his career with Cabletron Systems during the battle of the 100Mb technologies in the midst of the Y2K scare. He made the move to cybersecurity in 2010 and has never looked back.
Alex Thornhill writes on business matters for EfficientIP that keep your company safe, healthy and thriving.