Your Data Has Left the Building...

by Scott Stevens
CliftonLarsonAllen LLP

Greater technology mobility calls for greater security measures in the workplace.

The proliferation of smart devices, the Bring Your Own Device (BYOD) phenomenon, and the ability to access high-speed Internet from anywhere require businesses to protect their data in more ways and places than ever before. Business owners now need to consider not only the files or emails stored on computers or servers, but also how and from where the information is accessed and where data is backed up. As laptops and tablet computers have taken the place of desktop systems, it is clear that information no longer stays within the four walls of your business.

Firewall Protection
When it comes to protecting your data, your network is still the first line of defense. While we hope that all businesses have at least invested in a basic firewall, this is only a start. In addition to keeping traditional hackers out, businesses should consider firewall models that also provide other security roles, such as antivirus protection and Internet content filtering. The IT industry refers to this type of firewall as a Unified Threat Management (UTM) device.

Certain models from manufacturers like Cisco, Fortinet and SonicWall also support features such as data leak protection (DLP), which prevents files or attachments containing defined number or character strings from passing through the device. For example, ###-##-#### would represent a Social Security number and could be blocked from being sent inadvertently (or maliciously) in a file or email message. Other strings could be defined to block account numbers or other sensitive data from leaving your network. Certain models of firewalls can also manage your wireless network, allowing you to control what can be accessed or transferred between wireless laptops or BYOD devices and your business network.
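The pattern matching behind a DLP rule, as an added example that is not from the article or from any firewall vendor: it compiles ###-##-#### style masks into regular expressions and returns a block/allow verdict for a message body. The account mask, the sample messages and the Social Security number plausibility filter are assumptions added for illustration, and the sketch scans plain text only, not attachments.

```python
import re

# '#' is one digit, as in the article's ###-##-#### notation; other characters
# are literal. Only the SSN mask is from the article; "account" is constructed.
RULES = {
    "ssn": "###-##-####",
    "account": "ACCT-########",
}

def mask_to_regex(mask):
    """Compile a '#'-mask into a regex that cannot match inside a longer token."""
    body = "".join(r"\d" if ch == "#" else re.escape(ch) for ch in mask)
    # Lookarounds reject hits embedded in longer digit runs, words or part numbers.
    return re.compile(r"(?<![\w-])" + body + r"(?![\w-])")

def plausible_ssn(value):
    """Filter false positives: area 000/666/9xx, group 00 and serial 0000 are never issued."""
    area, group, serial = value.split("-")
    return not (area in ("000", "666") or area[0] == "9"
                or group == "00" or serial == "0000")

def scan(text, rules=RULES):
    """Return (rule, masked_value) per hit; only the last 4 characters are kept for logs."""
    hits = []
    for name, mask in rules.items():
        for m in mask_to_regex(mask).finditer(text):
            value = m.group()
            if name == "ssn" and not plausible_ssn(value):
                continue
            hits.append((name, "*" * (len(value) - 4) + value[-4:]))
    return hits

def verdict(text):
    """Decision a filtering device would apply to one outbound message body."""
    return "BLOCK" if scan(text) else "ALLOW"

# Constructed outbound messages, not real data.
SAMPLES = [
    "Employee SSN is 123-45-6789, please file.",
    "Part number 9123-45-67890 ships Monday.",
    "Form placeholder: 000-12-3456",
    "Wire to ACCT-00123456 today.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(verdict(msg), scan(msg), "|", msg)
```

Masking the matched value before it is logged keeps the DLP log itself from becoming a store of the numbers it is meant to protect.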

The network firewall has also traditionally been used to control access for remote users who need to retrieve information or applications from the office. A virtual private network, or VPN, provides an encrypted link between the remote user’s laptop or smart device and the office firewall. Today’s firewalls further secure remote connections through “two-factor authentication,” in which the remote user enters a number generated from a keychain token or an application running on an Android or Apple iOS smart device. In addition, newer firewall models can also detect the presence of antivirus software on the remote computer before allowing a connection. While this functionality may sound pricey, it is actually very cost-effective and simple to use.

Data Encryption
Data encryption is also very important to keep your information secure and to manage liability. Most current backup products support encryption, yet we frequently see businesses that do not have encryption enabled. When encryption is properly configured and a backup tape, hard drive or even cloud-based backup set falls into the wrong hands, the data is unrecoverable without the encryption key. Encryption should also be considered for laptops, removable drives and USB keys, as these products are easy targets for theft or are easily misplaced. Email communications that contain sensitive information should also be encrypted. Secured email can be implemented through inexpensive cloud-based services, software products or network devices, depending on the size of the business and the volume of email messages.

Mobile Device Management
Whether it be iPhones, iPads, Android or BlackBerry devices, BYOD is here to stay. Initially marketed as “consumer” devices, their ease of use, functionality and mobile design have led to the need for businesses to accept these smart devices as alternatives to the laptop or personal computer. The need to control and secure the devices has brought on a new class of products called Mobile Device Management, or MDM. MDM products can manage configurations, apply updates and back up the devices, and they provide network service management to monitor location or usage. Should a mobile device be lost or stolen, MDM tools allow for completely wiping all files and information off of a device, preventing data or information from being lost. The leading providers of MDM products today include AirWatch, Good Technology, MobileIron and Zenprise. Expect to see many other solutions on the market in the near future as the need to manage smart devices grows.

Off-Site Storage
Many companies are now storing data outside the four walls of their business as an off-site backup and disaster recovery strategy, as well as a means for file sharing. Some services, such as Mozy, Carbonite, and ShareFile, were designed for or evolved to the business-level market, while others, such as Dropbox and Google Drive, were developed for the consumer or home-user market. Businesses need to understand what measures each provider takes to protect their data, and choose their vendors wisely. Once a vendor is chosen, clearly communicate to your staff how the service is to be used and what information is to be stored in the cloud. Also remember, it is far too easy for your employees to set up their own free cloud-based sharing repository. In order to control or prohibit this behavior, strong acceptable use policies are critical.

Keep Pace
As new developments in technology seem to be coming faster and faster, the need to protect your data must keep pace. Identifying where your data resides and how to best protect this valuable asset is important for all businesses. By focusing on a few key areas—your network, encryption, mobile device management and cloud-based storage—your business can gain the productivity and efficiencies of these tools, while you sleep well knowing your data is protected.

Scott Stevens is a partner of technology consulting for CliftonLarsonAllen in Peoria. He can be reached at scott.stevens@cliftonlarsonallen.com or (309) 495-8783.
