Collaboration tools make work-from-home easier, but they can cause costly breaches
September 9, 2020
Transparency. People want to work for a company that’s transparent and trustworthy. It’s important to tell employees exactly what the company does to monitor for insider risk. If the organization monitors endpoints to look for data that’s leaving the enterprise, companies need to tell employees this. Make sure they understand that the company trusts them, but that corporate IT will verify that they are living up to their obligations.
Training. Companies want employees to use collaboration platforms intelligently and in line with corporate policy. That means the company needs to first establish a well-thought-out policy, and then teach team members the right ways to handle data. So the next time Bob decides to share a company file on Dropbox, the IT staff can email him a video demonstrating how to use OneDrive, the corporate sharing tool. Also, remind employees that work they create for the company will remain company property. If a John Deere employee builds a tractor while working for John Deere, she knows the tractor must stay when she leaves the company. The same holds true for the software that runs the tractor. The company also owns the software because it paid the engineer to write the code.
Technology. Even with the best training programs and consistent transparency, there are still risks to company data from the actions of insiders. Companies need technology to verify that the team abides by the company’s policies and is not downloading lots of data at odd hours of the day and saving it as ZIP files on thumb drives. The organization needs an automated way to detect when data gets moved in anomalous ways and then flag those events for further scrutiny.
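One way to implement the automated flagging described above, as an added example that is not part of the original article: a Python script that scores each user's daily writes to removable media on volume, time of day and archive use, and flags a day only when at least two signals agree. The event fields, working hours, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

ARCHIVE_EXT = (".zip", ".7z", ".rar", ".tar.gz")
WORK_HOURS = range(7, 20)    # assumed policy: 07:00-19:59 local time
VOLUME_FACTOR = 5            # assumed: 5x the user's usual daily volume
MIN_BYTES = 100 * 1024**2    # assumed floor so tiny baselines never alert

# Constructed endpoint file-write events: time, user, destination, file, bytes
EVENTS = [
    ("2020-09-01T10:15", "bob", "removable", "slides.pptx", 20_000_000),
    ("2020-09-02T11:00", "bob", "removable", "notes.docx", 15_000_000),
    ("2020-09-03T14:30", "bob", "removable", "photos.zip", 30_000_000),
    ("2020-09-04T02:10", "bob", "removable", "src_tree.zip", 900_000_000),
    ("2020-09-04T02:25", "bob", "removable", "designs.7z", 600_000_000),
    ("2020-09-04T09:00", "alice", "removable", "report.zip", 40_000_000),
    ("2020-09-04T23:40", "alice", "local", "backup.zip", 2_000_000_000),
]

def daily_removable_bytes(events):
    """Sum bytes written to removable media per (user, date)."""
    totals = defaultdict(int)
    for ts, user, dest, _name, size in events:
        if dest == "removable":
            totals[(user, ts[:10])] += size
    return totals

def flag_anomalies(events):
    """Return (user, date, bytes, reasons) for days that need analyst review."""
    totals = daily_removable_bytes(events)
    flagged = []
    for (user, day), total in sorted(totals.items()):
        # Baseline is the median of the same user's other days.
        history = [b for (u, d), b in totals.items() if u == user and d != day]
        baseline = median(history) if history else 0
        todays = [e for e in events
                  if (e[1], e[0][:10], e[2]) == (user, day, "removable")]
        reasons = []
        if total >= MIN_BYTES and total > VOLUME_FACTOR * baseline:
            reasons.append("volume")
        if any(datetime.fromisoformat(e[0]).hour not in WORK_HOURS for e in todays):
            reasons.append("off-hours")
        if any(e[3].lower().endswith(ARCHIVE_EXT) for e in todays):
            reasons.append("archive")
        if len(reasons) >= 2:    # one signal alone is too noisy to alert on
            flagged.append((user, day, total, reasons))
    return flagged

if __name__ == "__main__":
    print(flag_anomalies(EVENTS))
```

Requiring two corroborating signals keeps a single daytime ZIP copy or a large local backup from generating an alert, which matters when the results are reviewed by people who have been told they are trusted.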