Most firms acknowledge that there is risk associated with the exposure of their confidential information.
This can be in the form of legal risk, if it relates to personal information, or competitive risk, in the case of commercial information, like trade secrets and client lists.
Most firms maintain security policies and procedures to mitigate these data security risks. These can range from adding passwords on smart phones used outside the office, to signing complex NDA agreements with third parties when confidential information is shared, like in an M&A transaction or a licensing deal.
While these measures do provide some level of risk mitigation, many firms still continue to engage in day to day business activities that increase that risk.
For the most part, these risky activities are an afterthought, as they center on three necessary components of every business person’s day – email, third parties and being out of the office.
Your confidential information is at an increased risk of being exposed if you engage in even one of the following activities:
1. Send confidential or sensitive documents to third parties via email
2. Share confidential or sensitive documents with third parties for a limited time
3. Access confidential or sensitive documents outside of the office
4. Transport confidential or sensitive documents using zip drives or hard drives
5. Store confidential or sensitive documents on your own servers in your office
Below are a few examples of what can happen if that one confidential document gets emailed to the wrong person, or confidential information is transported using traditional methods.
Risky Business: Flash Drives
In November 2011, the personal information of current and former employees at Regions Financial Corp was compromised after a flash drive went missing. The flash drive, which contained information about thousands of 401k retirement plan participants, including their names and social security numbers, was mailed by an external auditor to another one of its offices. To make matters worse, the flash drive was put in the same envelope as the decryption code, and when the package arrived, the flash drive was gone.
Risky Business: Email
In September 2009, a California judge ordered Google temporarily de-activate a Gmail account after a bank employee mistakenly sent sensitive data to the wrong recipient. The employee sent a second email, instructing the recipient to delete the email and attachment without opening it. When they got no response, the bank contacted Google to find out if the account was active or not. Google would not provide any information without a court order, so the bank had to sue Google to obtain the account holder’s name and contact information.
Risky Business: Accessing Data Outside the Office
In August 2012, a software engineer for Motorola was sentenced to 4 years in prison for stealing trade secrets. The employee was stopped during a random security check at O’Hare International Airport in February and found to be carrying $31,000, along with hundreds of confidential Motorola documents stored on her laptop, four external hard drives, thumb drives and other devices. Prosecutors alleged that among the secrets she carried were descriptions of a walkie-talkie type feature on Motorola cellphones that prosecutors argued would have benefited the Chinese military.
Risk is not about elimination, but mitigation. It’s therefore important to identify and address the day to day activities that could be putting your firm’s traditional security policies and procedures in jeopardy.
Many firms are implementing more secure document sharing methods, like virtual data rooms, to exchange information with clients and third parties.
Firmex Virtual Data Rooms, for example, apply 256-bit encryption and Digital Rights Management to lock down access to sensitive documents and control who can view, print and share them, even after they’ve been downloaded. With a virtual data room, the firm maintains complete control over how sensitive information is viewed, thereby mitigating the risk of it falling into the wrong hands.
Learn more about how a Firmex Virtual Data Room can protect your confidential documents.
Like this article? Then subscribe to Firmex and receive the latest industry insights delivered stratight to your inbox.