New social and digital channels have transformed employee communication and created new efficiencies in the workplace. But new channels also means more doors through which data can leave any enterprise. Social media is often a blind spot in enterprise security; so are other digital channels.
These channels were created largely after traditional cyber defense technologies, such firewalls and network endpoint security. New digital channels, like Slack and WhatsApp, are increasingly critical for business. Employees prefer to use them because they improve communication and productivity. A new study found that 25% of employees share confidential company information on these channels. Imagine your company’s proprietary information being freely shared across Slack or WhatsApp. What happens if that data leaves the company? How do you know your company information is being shared?
Why Collab & Chat Apps Are at Risk
It’s hard for infosec teams to know when data is leaving the company through new digital channels, and subsequently stop it from happening because they are not protected by traditional perimeter or in-line security. Full digital security requires in-app visibility.
Digital channel data loss problems include:
- Insider Threats - employees accidentally share client PII or intentionally send proprietary company information to a competitor in a chat
- Lack of Visibility - infosec teams are unable to track what information is being shared across collaboration and chat apps, and the specific rules that they violate
- Deep/Dark web - once data is exfiltrated via one of these apps, teams have no record of the data that was compromised and if it is being shared across the deep/dark web
These risks are further compounded by the amount of data being generated. The number of messages employees send can easily scale to millions annually, especially for multinational companies with collaboration channels deployed across teams. Slack and SharePoint help teams efficiently communicate across offices and time zones, but they also need to be protected against data leakage and exfiltration of sensitive client information. It’s almost impossible for Infosec teams to track where data has been exfiltrated and to what extent, unless it’s publicly released.
Germany found this out the hard way when public figures’ personal data was posted online at the beginning of the year. The attack demonstrates how bad actors jump across social and digital channels to access the information they want. In this case, credentials were stolen via a social media phishing attack, giving the ability to exfiltrate sensitive data from other digital channels, like WhatsApp and DropBox.
How to Prevent Data Loss in Digital Channels
DLP is a critical component of enterprise security; that includes the protection of collaboration and chat apps. Digital channel DLP solutions should evaluate user messages and/attachments for restricted content, quarantine suspicious messages in real time, and provide an option for remediation. That way data exfiltration is stopped before it happens. You also need a solution that can monitor the deep/dark web and alert you if sensitive information surfaces. Proactive defense helps enterprises protect against data loss in digital channels.
SafeGuard Cyber provides advanced data loss protection for 50 + social and digital channels. Contact us to see it in action.
Tags: #Insider Threats
July 6, 2020