9 Costly Security Mistakes

  1. Trusting employees to opt in to security. It’s not in employees’ interest to follow cumbersome security processes or to manually classify data as internal only.  Data should be secured by default, and employees should have to opt out when their job function requires removing security.
  2. Even the most diligent employees won’t classify data correctly. It is difficult to predict what information is going to be sensitive in the future.  Data should be protected automatically with intelligent solutions such as derivative protection, which applies security permissions based on the content.
  3. All applications are not created equal. Application flaws and security holes can be the source of data breaches.  Admins should be able to restrict access to protected data to authorized applications only.
  4. Don’t fall for an 80/20 rule sales pitch. Security and visibility need to work with any application, any file type, and any device.  If you hear ‘Office files make up 80% of the documents in an organization and that is all you need to protect’, alarms should go off in your head.
  5. Location matters. Even authorized applications should have limits on where they can read and write data.  Do you want your company data stored in free cloud storage provided by a Chinese government-backed company?
  6. If a tree falls in the forest, does it make a sound? Companies need to log everything.  Real-time monitoring provides the ability to meet compliance and audit regulations as well as create automated responses to suspicious activity.
  7. Be honest. It’s 2019.  Employees are working with data in the cloud, on the edge, and in the core.  Visibility and security need to apply to all three locations uniformly.  If your solution doesn’t address the way data flows today, upgrade.  Don’t try to force employees into an inefficient workflow.  They’ll find alternative paths to get their work done.
  8. Change is a rule of life. Any security solution needs to have revocable permissions.  Employees leaving a company, third-party vendors, or even employees just changing jobs within the company will trigger permission changes that should remove access to previously accessible data.
  9. Protect what is important. The Data. A data-centric security solution will protect data as it moves from user to user, device to device, and even file to file.  If an Excel file is protected and a chart is copied to a PowerPoint, the PowerPoint file now has sensitive data and should automatically be protected.