Most companies are very good at protecting data that they know about and consider sensitive – they restrict access to the HR systems where compensation data is available. They put access controls and monitoring procedures on systems that store critical intellectual property like formulas or key financial analytics.
Typically, they have formal policies and associated technology deployments and procedures to protect sensitive data.
When someone downloads that data from a secure environment into an Excel spreadsheet or a thumb drive, all the controls are gone.
Technology can’t solve this – this is human problem. It can only reasonably be addressed through appropriate use policies and extensive and ongoing user awareness training. Employees need to understand DON’T TAKE SENSITIVE DATA OUT OF ITS CONTROLLED ENVIRONMENT!
The CIA has plenty of technology and many smart people, but it couldn’t prevent Edward Snowden.
Jonathan is President & CEO of SystemExperts Corporation, a network security consulting firm specializing in IT security and compliance. Jonathan started the company in 1994. He plays an active, hands-on role advising clients in compliance, technology strategies, managing complex programs, and building effective security organizations. Jonathan brings a business focus to this multifaceted work balancing all technical initiatives with business requirements and impact.