Security Fridays: Week Five
Chris Cassell, 20/02/2020, Industry News
Reducing human error to prevent data loss
Realistically, the probability of data loss and breach can never be eliminated as long as there are people in the equation. There is always a risk of a mistake when humans are involved. This has always been the case and can be exacerbated by the modern age and the increased demands that many situations place upon people.
We work longer hours than ever, with less time to decompress, and we’re driven to exercise and perform a great deal more personal maintenance than ever before. It’s all a bit of a perfect storm that stops people from dedicating their full time and attention to any one task with enough care to be absolutely sure that it’s correct. With so much on our plates, taking the time to double or triple check what we have done before we release it is just not possible for most people any longer.
In most cases this leads to things like substandard press releases, or slightly incomplete documents that need several revisions before they are really fit for purpose. Sometimes, however, it leads to incidents like this one, where the wrong attachment is uploaded, containing the sensitive data instead of the sanitised version, or where e-mails are sent to the wrong people or with the wrong attachments included.
This is one of the major purposes of automated security software such as an enterprise DLP solution. These sorts of tools allow the system to double check human work for error and offer educational prompts, or even directly stop this kind of issue, by checking the data that’s about to be uploaded, determining exactly what sensitive content it contains and controlling its release.
1 – Use automated security solutions such as DLP to double check human work to make sure that data isn’t accidentally released by the attachment or transfer of incorrect documents or uploads.
2 – Design data processes to have levels of approval when handling sensitive data, either via peer review or through a hierarchy of approval that requires work to be submitted to an auditor for checking before final release.
3 – Use Data Discovery and Governance tools to limit the spread of documents containing sensitive data, removing them from endpoints and shared folders to ensure that users have to take a deliberate action to obtain sensitive data which should make them realise when they are doing it by mistake.
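The kind of pre-release check described above can be sketched as follows. This is an added example, not code from the article or from any DLP product; the detector patterns, the thresholds, the function names and the sample files are all assumptions constructed for illustration.

```python
import csv
import io
import re

# Assumed detectors: a simplified UK postcode pattern and an e-mail pattern.
DETECTORS = {
    "uk_postcode": re.compile(r"\b[A-Z]{1,2}\d[A-Z\d]?\s?\d[A-Z]{2}\b", re.I),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}

# Assumed policy: any hit earns an educational prompt, bulk hits are stopped.
PROMPT_AT = 1
BLOCK_AT = 3


def inspect_csv(text):
    """Count detector hits per (column, detector) so the user sees which field is sensitive."""
    hits = {}
    for row in csv.DictReader(io.StringIO(text)):
        for column, value in row.items():
            if not isinstance(value, str):  # missing or surplus fields are not strings
                continue
            for name, pattern in DETECTORS.items():
                if pattern.search(value):
                    hits[(column, name)] = hits.get((column, name), 0) + 1
    return hits


def release_decision(text):
    """Return (action, hits) where action is 'allow', 'prompt' or 'block'."""
    hits = inspect_csv(text)
    total = sum(hits.values())
    if total >= BLOCK_AT:
        return "block", hits
    if total >= PROMPT_AT:
        return "prompt", hits
    return "allow", hits


# Constructed sample files: the sanitised version and the one uploaded by mistake.
SANITISED = "name,award\nA. Example,MBE\nB. Sample,OBE\nC. Placeholder,CBE\n"
UNSANITISED = (
    "name,award,address\n"
    'A. Example,MBE,"1 Test Road, Exampleton ZZ1 1ZZ"\n'
    'B. Sample,OBE,"2 Test Road, Exampleton ZZ2 2ZZ"\n'
    'C. Placeholder,CBE,"3 Test Road, Exampleton ZZ3 3ZZ"\n'
)

if __name__ == "__main__":
    for label, body in (("sanitised", SANITISED), ("unsanitised", UNSANITISED)):
        print(label, release_decision(body))
```

A "prompt" result is where the educational message to the user would go, and a "block" result is the natural point to route the file into the approval step from recommendation 2.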
Read the article that was analysed here: https://www.theguardian.com/uk-news/2019/dec/28/government-exposes-addresses-of-new-year-honours-recipients