26 ways your organizational data can be put at risk.

The topic of Data Security had swept through the nation and indeed the entire planet in the last 12 months or so, with high profile cases like that of Edward Snowden at the NSA and the Heartbleed Bug. A few months later, It seems that the crisis had blown over and we can all return to our normal routines and put data security in the back seat for a while. 

Often times, we picture a hacker slaving away in a dark room, breaking through the cyber defences of a highly secure organization in order for a data breach to occur. Today, we’ll talk about how easy it is for insiders (i.e. normal employees like you and I) to transfer information out of the organization. Hopefully, this gives us a better appreciation of the threat, how close it is to home and how we should always be on our toes. 

Insider data breaches are mostly done through the Endpoints of the organization.What is an Endpoint? Essentially, it is the device/workstation an employee uses for work. This can include desktops, notebooks, smartphones and tablets. While the consumerization of personal smart mobile devices means that more people are using their tablets or smartphones for work, desktops and notebooks are still the primary device used for business activities, according to a research paper by PC Connection.

There are a dizzying array of ways data can leave the Endpoints of the organization but we can classify them into two general categories:

1.) Devices

2.) Internet

Data loss through devices
Flash drives are one of the easiest and fastest ways data can be removed from Endpoints, as illustrated by Edward Snowden in his widely publicized data theft incident. However, this is not the only means for creative employees to extract information.

Here is a non-exhaustive list just to give you an idea:

1.) Removable Storage Devices
2.) Normal USB Flash Drives, U3 and Autorun Drives, Disk on Key, etc
3.) USB 1.1, USB 2.0, USB 3.0
4.) Wireless USB
5.) LPT/Parallel ports
6.) Floppy disk drives (albeit a little obsolete)
7.) Memory cards – SD Cards, MMC Cards, Compact Flash Cards
8.) Card Readers (Internal or external)
9.) CD/DVD-Players/Burners (Internal or External)
10.) Digital Cameras
11.) Smartphones and Tablets 
12.) iPods/iPhones/iPads (Including the very flexible iPhone 6)
13.) MP3 Players, Media Player Devices
14.) External HDDs/Portable Hard Disks
15.) FireWire Devices
16.) PCMCIA Devices
17.) Biometric Devices
18.) Bluetooth Devices
19.) Printers (Serial, USB, LPT connections)
20.) ExpressCard (SSD)

Data loss through the internet
Devices are not the only means through which data can be lost. The internet, with today’s speed and multiple services/applications, is a common and easy means of transferring data out of the organization. It is not uncommon for employees to email documents to their personal emails or onto file sharing applications like Dropbox.

Again, here is a non-exhaustive list:
1.) Email Clients (Outlook, Lotus Notes)
2.) File sharing applications
3.) Web browsers
4.) Instant Messenging
5.) Social Media
6.) Cloud tools (iCloud, Google Drive, Dropbox, Microsoft Skydrive)

There you have it: 26 ways your organization data can be put at risk. To greatly limit and control data loss through these means, a solution that allows the easy administration of control for these Endpoints, in other words, an Endpoint Security solution, is required.However, there are many Endpoint Security solutions available in the market and users are increasingly creative when it comes to bypassing such measures.

In a future post, we will explore some of these antics, as well as possible solutions to guard against increasingly "creative" and "resourceful" employees whose practices can put your data at risk.


Like this article? Rate it!

Related Articles