We were recently contacted by an executive who lost a key team member to a competitor. The immediate concern was whether the employee secretly downloaded critical IP that differentiates their product and should never leave the company. We hear similar scenarios from time to time. It could be a key engineer with access to intellectual property, or a salesperson with access to customer records.
These are just two examples of situations where data exfiltration is suspected.
Data exfiltration is data theft: the intentional, unauthorized, covert transfer of data from a computer or other device.
Typical risk scenarios:
- An exiting employee downloads sensitive data to a USB device or a private cloud storage app.
- An unscrupulous employee emails sensitive data to an outside party and then deletes the emails from the Sent folder before the backup program runs.
- An employee accesses company systems from a personal device that has no security measures in place.
- A former employee still has active accounts on your network that were not properly terminated when they left.
- Malware designed by professional hackers steals or ransoms your data.
Unfortunately, there is not much you can do to prevent or prove the violation without setting up defenses in advance. These measures are rarely top of mind when scrappy startups are jamming to get established, but they are all part of a well-planned security strategy you’ll need in order to meet compliance requirements. A thoughtful phased approach can enable even a small emerging company to plug many holes for data exfiltration before it occurs, without a lot of cost or disruption. It’s much easier to implement these solutions when there are only a few employees; these projects balloon as the user base grows.
Solutions
- Email Archiving – Backing up your email doesn’t guarantee that nothing will be lost. Turning on email archiving from your email provider or implementing a third-party archiving solution ensures that all email communications are captured and saved. This also helps users recover important emails that are accidentally deleted before the backup process captures them.
- Create and Communicate Security Policies – Policies are often thought of as perfunctory exercises, but they include important decisions you’ll need to make that impact employees and set company culture. For example, are employees allowed to access company data on personal devices? Can employees download data to USB devices or personal cloud storage accounts? Do they have admin access to their computers? Educating employees on acceptable use of their IT tools is more important than ever.
- Data Loss Protection (DLP) – DLP is a strategy implemented with different tools at different levels of the infrastructure, including those mentioned below. The important first step is to organize sensitive information in specific locations, limit access, and decide how to prevent exfiltration at different levels of the network.
- Endpoint Management Solution – Once policies are established, a solution such as Microsoft Intune or VMware’s Workspace One can enforce rules on each company machine inside or outside the company network.
- Security Service Edge (SSE) – These tools, such as Cisco Umbrella, work with the firewall and other infrastructure to monitor and control access to cloud applications and storage on a granular basis. Monitoring is often the first step, to establish what employees are actually using before locking down access or exfiltration paths.
- Log Collection and Analysis – A SIEM system (security information and event management) continuously collects logs from all relevant systems (firewalls, servers, computers, cloud apps…) and analyzes them holistically for security issues, alerting you to priority concerns. SIEM is a key component of any complete security solution: it allows you to identify and plug holes before bad things happen.
- Endpoint Protection Systems – Yes, anti-virus/anti-malware systems are still part of the mix. These have been updated to coordinate the response to threats across all machines in the network and to take active responses; they are also known as Endpoint Detection and Response (EDR) solutions.
- Airtight process for employee termination – How certain are you that all access rights to company systems are terminated when an employee leaves the company? A well-defined process and comprehensive records of access rights are essential. Auditing records regularly is a must.
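As an added illustration of why the SIEM, endpoint and termination-process items above belong together (example code, not KalioTek's tooling or any product's logic), here is a small correlation over constructed log lines: endpoint USB writes, cloud uploads and VPN logins are combined with an assumed HR offboarding feed so that the "exiting employee" and "former employee still has an account" scenarios surface as priority alerts. The log format, field names and size thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample events, one per line: timestamp source user action size_mb
SAMPLE_LOG = """\
2024-05-01T09:02:11 endpoint alice usb_write 12
2024-05-01T09:15:43 cloud alice upload 8
2024-05-01T10:30:00 endpoint bob usb_write 480
2024-05-01T10:31:05 endpoint bob usb_write 510
2024-05-01T11:00:00 cloud bob upload 1200
2024-05-02T08:00:00 vpn carol login 0
"""

# Constructed HR feed (assumed): user -> last working day.
OFFBOARDING = {"bob": "2024-05-01", "carol": "2024-04-20"}

# Assumed per-user, per-day volume limits in MB before an alert is raised.
LIMITS = {"usb_write": 500, "upload": 1000}

def parse(line):
    """Split one constructed log line into a dict; the day is the date part."""
    ts, source, user, action, size = line.split()
    return {"ts": ts, "day": ts[:10], "source": source,
            "user": user, "action": action, "mb": int(size)}

def correlate(log_text, offboarding):
    """Return alerts as (severity, user, reason) tuples."""
    totals = defaultdict(int)          # (user, day, action) -> MB moved
    alerts = []
    for line in log_text.splitlines():
        ev = parse(line)
        totals[(ev["user"], ev["day"], ev["action"])] += ev["mb"]
        # Account still active after the HR last day: termination gap.
        last_day = offboarding.get(ev["user"])
        if ev["action"] == "login" and last_day and ev["day"] > last_day:
            alerts.append(("high", ev["user"], "login after offboarding date"))
    # Daily volume per channel; exiting employees are escalated to high.
    for (user, day, action), mb in totals.items():
        limit = LIMITS.get(action)
        if limit is not None and mb > limit:
            severity = "high" if user in offboarding else "medium"
            alerts.append((severity, user, f"{mb} MB via {action} on {day}"))
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG, OFFBOARDING):
        print(*alert)
```

Note that bob's two USB writes only cross the threshold when summed per day, which is the point of collecting endpoint logs centrally rather than alerting on single events.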
KalioTek helps venture-funded growth companies achieve their growth goals by taking care of IT and security domains so they can focus on their core business initiatives. We advise them on scalable security solutions and implement them in a sensible phased manner appropriate for their size and situation. Our 20+ years of experience serving emerging life science and technology companies has prepared us to understand right-sized solutions and processes.