When creating an IT security strategy, there are common threats that every IT Manager thinks to protect against. There are plenty of online resources that can help achieve this. What I will be covering in this post, however, are the threats that people don’t always consider. I often see these when assessing vulnerabilities in customers’ environments.
People tend to take the same attitude to mail protection as they do when setting up a firewall: hardening the inbound flow of traffic but leaving outbound unrestricted. With tighter rules now in place on how data is handled, this can leave your organisation at risk if you don’t build a ‘data loss prevention plan’ into your strategy.
Take the following example: A member of staff is noting information for a set of new starters, which includes national insurance numbers. This member of staff then sends an email containing the national insurance numbers but selects the wrong address from their autocomplete in Outlook. The email ends up being sent to a personal, unsecured email account.
So, what could be done here? We can make use of Data Loss Prevention (DLP) in Office 365 in conjunction with Transport Rules to control how this data is allowed to leave the organisation. We can set these up to give us control at the border of our environment.
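To make the decision such a border rule takes concrete, here is an added Python sketch (not part of the original post and not Office 365's own implementation) that blocks a message only when it both contains UK National Insurance numbers and has a recipient outside the organisation. The domain `example.co.uk`, the function names and the sample mail are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumption: the domains the organisation owns. Everything else is "outside".
INTERNAL_DOMAINS = {"example.co.uk"}

# UK National Insurance number: two prefix letters, six digits, suffix A-D.
# Excludes unused prefix letters and the unallocated prefixes listed below.
NINO_RE = re.compile(
    r"\b(?!BG|GB|KN|NK|NT|TN|ZZ)"
    r"[A-CEGHJ-PR-TW-Z][A-CEGHJ-NPR-TW-Z]"
    r"\s?\d{2}\s?\d{2}\s?\d{2}\s?[A-D]\b",
    re.IGNORECASE,
)

def external_recipients(msg):
    """Return every To/Cc/Bcc address whose domain is not internal."""
    fields = []
    for header in ("To", "Cc", "Bcc"):
        fields += msg.get_all(header, [])
    return [addr for _, addr in getaddresses(fields)
            if addr.rpartition("@")[2].lower() not in INTERNAL_DOMAINS]

def message_text(msg):
    """Subject plus every text part (encoded parts are not decoded here)."""
    parts = [str(p.get_payload()) for p in msg.walk()
             if p.get_content_maintype() == "text"]
    return "\n".join([msg.get("Subject", "")] + parts)

def evaluate(raw):
    """Block only when sensitive data AND an external recipient coincide."""
    msg = message_from_string(raw)
    outside = external_recipients(msg)
    hits = len(NINO_RE.findall(message_text(msg)))
    action = "block" if outside and hits else "allow"
    return {"action": action, "external": outside, "nino_count": hits}

def build(to, body):  # constructed sample mail, not real data
    return f"From: hr@example.co.uk\nTo: {to}\nSubject: New starters\n\n{body}"

BODY = "Jane Doe AB 12 34 56 C\nJohn Roe CE123456D\n"  # constructed numbers
if __name__ == "__main__":
    print(evaluate(build("j.smith@personal-mail.example", BODY)))
    print(evaluate(build("j.smith@example.co.uk", BODY)))
```

The result carries only a count of matches, so the rule's own logging does not copy the sensitive values it is meant to contain.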
Document Level Protection
Most organisations that have a baseline IT Security strategy will have some form of Data Security Policy. This is most commonly fulfilled using File Server NTFS permissions or SharePoint Libraries. Although having this level of role-based access is very important, it also leaves a vulnerability. These permissions restrict access to where the documents are located, but not to the documents themselves.
Again, we will use an example: A member of your sales department has access to a document with all your main customers, along with their budgets and contractual information. This member of staff is recruited by another company and decides to take the information with them. They then email the information to their personal account and take a copy on a USB drive.
So, what could we do in this situation? We can make use of Azure Information Protection to apply document level protection. In this case, due to the sensitivity of the information, I would apply a policy that requires authentication to unlock the document, as well as activate tracking and revoke rights on the documents.
Although a lot of organisations have a Security Policy in place, the common question I ask when facing a customer is, “when was the last time you checked this?” Over time things change; ports get opened, permissions get added and not removed.
Keep following us for future content that will help you review your own security.