If you thought the rancor over Hillary Clinton’s email server was just about politics, think again. It’s not about the “classification” of the documents; it’s about the combined content and who might benefit from it.
If your company’s size or world-winning innovations can move markets then you too could be a target. Every high-level executive needs to be aware of how they handle proprietary internal information and the security example they set.
In today’s information age, discretion and due care are your best allies against unscrupulous parties looking to scoop up your data. Here are four ways you can take action:
1. Protect Your Communications. Academic researchers designed the Internet’s forerunner as an open network to easily share data. Security was an afterthought. As a result, email is like a postcard. A message passes through many hands and can be read along the way.
Do you want your privileged corporate communications to be transmitted so openly because you’ve traded convenience for caution? This could nullify your otherwise robust corporate security policies.
2. Watch Your Profile. Remember the alleged eavesdropping on German Chancellor Angela Merkel’s cell phone? It can’t be surprising that there would be great interest in the thoughts of the woman who may control the fate of the Euro.
Yet, Merkel unabashedly displayed her reliance on her cell phone. She was often photographed talking or texting on it. So too was Hillary constantly seen on her Blackberry. Sending messages through a homebrew email server.
What communications practices are you engaged in that could broadcast your firm’s strategic intentions?
3. Create Separate Channels. Like a TV that carries different programs, a special channel – such as encrypted email – should be used to send and receive proprietary data. In this way you give some protection to messages in transit.
4. Know Where Your Valuable Information Is. In addition to the information being communicated, protect data at rest in your networks. Whether your server is in a closet or in the cloud, understand where your privileged information lies, who has access, and how it is controlled.
Keep a watchful eye on key data to understand who is putting hands in the cookie jar. This includes third parties with permission to access your network.
Odd behavior may indicate that a malicious insider or advanced hacker is at work inside your system.
Set the right example now for the rest of your employees to follow. If you are openly lax or flout existing security processes, they will figure, “why bother?” and create even more ways for adversaries to strike.
Topics from this blog: insider threat