The modern business environment is constantly evolving. Many organizations now take the view that, in order not only to survive but also to outmaneuver the effects of competitive forces, it is essential to be early adopters of new technology.
Every day the number of tools with which employees and customers communicate is growing, as is the number of places in which corporate content can be stored. In a typical organization of information workers there is a plethora of tools in use:
- Traditional computing platforms like desktop computers, laptops and netbooks.
- Corporate email systems using local clients, such as Outlook; corporate email systems using web-based access, such as Outlook Web Access; and personal Webmail systems.
- Unified communications systems.
- Corporate instant messaging and Web conferencing systems, such as Microsoft Office Communicator; and instant messaging systems, such as MSN Messenger.
- Dedicated social media tools, such as IBM Connections and Jive; and “public” systems, such as Facebook, Twitter and LinkedIn.
- File transfer systems in the cloud, such as Box.net and YouSendIt.
- Removable content storage and transfer devices like USB keys, CDs/DVDs and external hard drives.
- Mobile devices like smartphones and tablets.
- Content synchronization services, such as Dropbox.
- Content backup services like Backblaze and Mozy.
- Content archiving services.
- Voice-over-IP services, such as Skype.
One of the side effects of the constant rate of change and the level of integration required is that the security of IT systems is all too often overlooked or given only secondary consideration. In cases where security has been considered, it has proven to be woefully inadequate.
In many cases, especially where cloud services are concerned, it is assumed that the service vendor's security will provide adequate protection. However, like everything else in business, this tends to follow the Pareto principle: in 80% of cases this may prove to be adequate, but there is a 20% chance of a vulnerability being exposed, and in this day and age these stakes are still way too high.
Consider these examples:
- On June 19, 2011, Dropbox updated its code and inadvertently allowed access to every Dropbox account for about four hours before resolving the problem. During that time, a hacker was able to download Dropbox customer data from a number of accounts.
- In late 2010, a configuration error allowed Microsoft BPOS customers to download address book information for other BPOS customers for about two hours.
If these factors were not enough to worry about, there are also user-based errors, which are ever more on the increase:
- The Social Security numbers for 20,000 employees of Swedish Medical Center in Washington State were made accessible on the Internet for nine weeks during April 2011.
- It was revealed in May 2011 that an employee of San Juan Unified School District in central California stored confidential employee information on a flash drive. When the employee used that drive for volunteer work at her church, the confidential information was uploaded to a Web site where it was freely available for about six months.
- In 2009, an employee of Rocky Mountain Bank mistakenly sent sensitive information to the wrong Gmail address and included a confidential attachment that never should have been sent. Because the unintended recipient never responded to the sender, the bank sued Google to determine the identity of the recipient.
- Hundreds of thousands of devices – including smartphones, tablet computers, laptops and USB keys – are left behind at airports, in taxis, in restaurants, and in other locations each year.
Most corporate data is not encrypted
The commonality in all these cases is that the corporate data involved in these incidents was never stored in an encrypted state.
Because the majority of emails, files and other corporate content are not sent or stored with any sort of encryption, they can be easily intercepted and accessed by unauthorized parties, or they can be accidentally leaked in any number of ways. It is this oversight that enables the high occurrence of security breaches.
Many of the information systems developed internally and externally for enterprises throughout the world are developed without any form of encryption at the data storage level, and much of the security is dependent on application access roles and privileges. The result is that almost 80% of corporate data worldwide is open to compromise!
If you would like further information on how to ensure your organization is among the 20% whose corporate data is secure, contact Three Nine. You'll be able to sleep easier at night, safe in the knowledge that we are working hard to ensure that your data stays firmly in your hands!
Three Nine provides a comprehensive range of consultancy services to help enterprises face the most demanding security, information management, information technology, disaster recovery/business continuity and project management challenges.
Irrespective of size or sector, Three Nine aims to provide an unequalled service to help our clients sleep soundly in their beds, in the knowledge that the threats of spam, hacking, malicious attacks, accidental loss and data theft are reduced to the absolute minimum, if not eradicated altogether.
For more information about which services we can help you with, please call 0845 689 0033 or contact us.
