Would you be surprised if I told you that nearly 40 percent of all data leaks within the past three years have happened between January and April? According to the Open Security Foundation’s DataLossDB, there have been 2,402 data loss incidents reported between 2007 and 2010 and 916 of them happened during tax season,
There is no question that businesses are already transferring increased amounts of sensitive financial and company information among partners, customers and third-party consultants to meet the April 15 deadline. But during tax season, there is a question that needs to be front of mind for every IT and security professional: Who is transferring what, to whom, when and why?
That is more than one question, but you get the idea.
The stats tell us that data leakage in the first third of the year is a noteworthy concern and let’s face it, security isn’t top-of-mind for the employees in your finance, audit and operations departments.
They know the deadline is around the corner and are going to do whatever it takes to get their job done – which usually includes using personal webmail to transfer large, sensitive files and using USB flash drives to bring balance sheets, customer lists and intellectual property home with them for after-hours work or to quickly and easily share the data with an outside consultant.
Security professionals need to be on the lookout for risky file transfer activity – especially between January and April.
Here are a few tips to help ensure that sensitive information isn’t walking out the door:
- Gain visibility and insight: It is impossible to control what you can’t see. Security staff needs complete visibility and context into all file transfer activity, internal and external, to understand patterns, identify risks and prevent malicious or accidental leakage. This visibility needs to extend beyond just employees – including third-party consultants or auditors that are plugging into your network, accessing your data and handling business-critical information.
- Create and enforce security policies: Set parameters that meet your security and compliance initiatives and won’t disrupt business and workflow. Use file-expiration rules to reduce the risk of tax-related documents being inappropriately accessed – even after they’ve left your network.
- Use encryption to ensure privacy and confidentiality: Data is most vulnerable when it is in motion. Make the integrity of all file transfers non-reputable by using end-to-end encryption that ensures that the file has not been tampered with while in transit, and ensure that it reaches its intended recipient without corruption.
Tax season is stressful enough without having to deal with the pain and cost of a data breach.
Take control and manage the sensitive, tax-related files moving within and beyond your network and ensure that each transfer is reaching only the intended recipient.
If you don’t have the visibility, it is only a matter of time before you find out the hard way that an employee in your company sent something to someone that they were not supposed to. And there is no refund for the fines associated with a data breach…