3 Ways Your Company Data is at Risk
For IT staff, security professionals, CIOs, sys admins, CISOs, CTOs, and those making cyber insurance decisions.
We hear from our enterprise clients that when it comes to enforcing workplace policy, changing their employee behavior is an ongoing struggle.
As you try to protect your company's data and manage daily employee work habits involving multiple devices, critical company data, files, folders, and individual workflow, keep in mind these three common behaviors that put your company at risk.
1. Important projects live on the desktop.
Consider this: most people save what they are working on at any given moment - their most important project - to their desktop. Eventually, once we get close to finished with a project, we'll look to file it away in our folder structure, on the company server or whatever; but until then it's right there on our desktop.
What are the chances you have copies of this critical data? We all know that hard drives will fail and laptops will be stolen, will you be able to recover those documents? How quickly can you get them back to the user?
For better or worse, Dropbox is commonly used in the workplace and appealing because it allows a group of people to share documents in a universal folder. By default, this is what we would call “kind-of backup”. But there are some notable downfalls with this model.
If your employees are using Dropbox, they have to remember to put their updated document into the Dropbox folder - every time. Which leads us to the second risk...
2. Shared folders lead to deleted files and folders.
When your coworkers use tools like Dropbox to share files and folders with others, they can easily loose control of the original source files. A shared folder means those with whom files are shared can also upload, move or delete files and folders too.
What's more more risky is that once the file is deleted, there is a good chance that action will go unnoticed and just like that - it's gone. And of course corporate IT would have no ability to recover the lost or missing file.
Some cloud services support recovering of deleted files -- in the first 30 days. And many of those services only support that limited window for extra service fees on an account. Other services, after 30 days you are completely out of luck. The files and folders are gone forever. Highly-used shared folders by teams, for project management, is a risky proposition for enterprise customers.
3. You don't have control of your keys.
Another security concern with tools like Dropbox is that while they DO encrypt customer data, they also DO store your encryption keys next to your data on their server.
Good rule to follow: If a company has the ability to reset your password, they are storing your encrypted data in this way and therefore has access to decrypt your data without your permission or knowledge. This means if any of their employees wanted too, they could see or read your data. Or, if they were subpoenaed for your data, it would be handed over with the keys and easily decrypted and read. This leaves little privacy or control in the hands of the customer.
Backup is different than Shared Folders
This is where companies find data backup to be incredibly valuable. It serves a different purpose than Dropbox, and meets a huge need that Dropbox was not created to meet.
And the best part? You don’t have to change employee behavior. Whatever is on saved on the desktop, any historical version, any deleted item, you have access to. But we also have a SpiderOak Groups Hive folder (also drag-and-drop) that acts like Dropbox, and can be synced across multiple devices.
Protect the 5%
Some companies might say they don’t care about 95% of their data; that if it fell into other hands, it wouldn’t really be a problem. But that still leaves 5% of sensitive business data. And truth is, if that is the case, you need to build up a protection plan around that 5%.
Businesses who experience any catastrophic data loss, a cyber attack or data breach see blows to their bottom-line, their reputation, customer retention, and often times their future as a company. It’s a real threat none of us can escape in today’s increasingly insecure world. And this reality is forcing companies to get more and more serious about privacy, security, and protecting their vulnerable data. It’s the lifeblood of business.
Why Companies Choose SpiderOak
You and I both know it’s easier to swim with the current than swim against it.
We’re happy to hear from the organizations using SpiderOak Enterprise that they found relief as soon as they installed the hosted virtual appliance, added end-users, and SpiderOak went to work in the background, automatically and reliably backing up everything (including every historical version, every deleted item). And as soon as these simple steps fall into place, you as the admin retain control, can view reports, and finally gain insight into the data landscape across your company.
SpiderOak Enterprise is one of the most affordable ways to protect your business. Learn more here.