According to a recent survey we commissioned, although 98 per cent of employees believe it is vital to protect confidential information, more than half don’t take any security measures at all when sending data out externally.
Allegedly, we live in a security-conscious world, or at least one that understands the potential risks of data interception or intellectual property getting into the wrong hands. Despite this, it seems that businesses are still taking unnecessary risks when it comes to protecting their information. Is this really down to sheer complacency, or is there more to it?
Companies make many blunders when sending sensitive information and here are just a few common scenarios:
- Believing that PDFs are secure.
Converting documents into PDF format and believing that this is adequate to protect the information is a common scenario. PDF documents can be tampered with by the end-user, and it is not difficult to modify them, as there are many downloadable options easily accessible from the Internet explaining the process for doing so. Signatures, figures and confidential data can be changed, and as a consequence your data is exposed to security risks.
- Email complacency.
Sending the information in an email attachment. Today we are so email-centric that we over-rely on email as a trusted way of sending out information. Realistically, most businesses should be well aware that an email attachment alone offers no protection for sensitive documents, but there is a tendency to feel over-comfortable that this is a safe environment. In fact, many people send email attachments without a second thought, and this is where the real problem lies: in human complacency.
- Relying on human intervention.
Asking the recipient to delete the information once it has been viewed. This is one of the most common mistakes businesses make, but it is one of the most vulnerable methods. Even if the recipient does remember to delete your email (and there is a good chance that they won’t), they are even less likely to delete the item from their ‘deleted items’ box straight away, which means the information is sitting in their deleted folder and is easily accessible. Whenever you rely on human intervention there is always an increased risk of it backfiring, so it is worth being very wary of the risks associated with this and, wherever possible, avoiding sending confidential information using this tactic.
- Assumption that data has arrived.
One of the most overlooked questions is: was the data actually received? Can you be sure the data you sent was received by the intended recipient? A common scenario is assuming the data was received, reviewed or amended by colleagues and clients, when it never actually arrived in the first place, as there is no formal way of confirming this, other than verbally.
- Using inappropriate and easily intercepted methods.
Using methods such as fax or post further increases the risk of data falling into the wrong hands. Since most fax machines (if used at all nowadays) tend to be positioned in open spaces in offices in full view of whoever happens to be nearby, they offer little in the way of privacy or protection. This risk is magnified in larger serviced offices where there may be other businesses sharing the same space as you. Equally, using the good old-fashioned postal service may be more than sufficient in some cases, but it also poses its own risks of interception.
If you need to send confidential information (which inevitably you will at some point), it is worth using a method that allows you to send the information in any format and in an isolated fashion.
Ensuring that the detail can be viewed as required but in a controlled way that allows you to choose exactly who sees it, what they can do with it and how long they can see it for is the safest route to take.
Having control over whether an external party can edit, alter, print or download your information will also give you increased peace of mind as well as reduce the risk of your data being manipulated.