When Reactive SharePoint Data Security Turns Proactive

Increasingly, organizations reach out to us after they’ve experienced a SharePoint data security breach. These companies thought that the native security measures built into SharePoint were enough. Unfortunately, as these companies found, the gaps in out-of-the-box security can leave an organization at risk.

What do these breaches look like? There are different scenarios, but in many of the examples we’ve seen, it’s because someone inadvertently did the wrong thing. Worse, in most cases these were entirely preventable.

1. Inadvertent Attachments– Email is a huge part of how business is conducted every day, whether it’s contacting colleagues, partners or third-party vendors. However, sending the wrong attachment can have disastrous results; especially if that attachment contains personally identifiable information (PII) or personal health information (PHI), as happened with one unfortunate prospect. It’s easy to do, especially given the amount of information that can live in a centralized library. Whether an employee simply grabs the wrong attachment or doesn’t realize that a particular attachment has confidential information within it, handing it over to the wrong party constitutes a breach.

This is an entirely preventable scenario. You should have the ability to prevent the distribution of sensitive content that includes PII, PHI or any other identified confidential information via email. In addition, encryption should be automatically applied to each file so that in the event it accidentally makes it out of SharePoint, the information will remain safe.

2. Sharing with the World- Email isn’t the only way information leaves the safety of an internal repository. Many companies tell us that files with PII or confidential corporate material has been accidentally uploaded to a public facing website. In some cases they caught the mistake within a day; in others the offending file sat in full public view for months. The fines for this type of breach can be daunting depending on the type and number of files exposed.

Again, this situation can be prevented with a solution that allows you to put rules in place so users are warned or prevented from uploading any file with confidential data to a live, public-facing site. In addition organizations should regularly scan Web content to ensure that no exposed information exists.

3. The Unknown IP Leak– Organizations invest millions if not billions on research and development to advance everything from IT to medicines, so ensuring employees don’t take the core IP outside of the office is critical to protecting an organization’s bottom line.

A Wall Street Journal article recently included two damaging examples of lost IP. In the first, a research scientist who worked at different times for a large chemical company and a diversified manufacturer admitted to stealing trade secrets from both companies. The U.S. Justice Department estimated the damage between $7 and $20 million. In another example, a software engineer working for a handset manufacturer stole trade secrets related to a proprietary technology the manufacturer. The FBI notes that this manufacturer spent hundreds of millions of dollars in development.

Organizations turn to SharePoint for its significant collaboration benefits, but these benefits come with the potential for huge data holes. As a result, organizations that manage regulated and confidential information in SharePoint require the ability to track the entire lifecycle of a specific document in the event of a breach.

If you can track IP, you can identify leaks by monitoring and tracking access and usage.

Each of the examples above is preventable. If you’re using SharePoint, it’s important to acknowledge the potential for a data breach and take proactive prevention. No one wants to find themselves scrambling to retrofit security measures after a breach. Using a solution like HiSoftware Security Sheriff™ SP will help safeguard your valuable content and protect against accidental and malicious breaches alike.

This article was wrote by  Kurt Mueffelmann, HiSoftware . HiSoftware are signed up as silver exhibitors for ESPC14.

For expert advice on data Security, check out James Baldwin’s ESPC13 conference presentation on ‘SharePoint Infrastructure Advanced Management and Data Protection‘.   Download Now>>

Share this on...

Rate this Post:

Share: