By Aim's data protection experts

April 2022

 

It’s 2022, and the world is moving through significant change, with many workforces now at least partly working from home. With employees largely being in favour of it, provided with the right equipment and with no noticeable impact on, or even an increase in productivity, it’s all going well, right?

 

Organisations like the Civil Service have in many cases fast-tracked digital transformation programmes to make working from home viable, and technology such as VPNs is being used to ensure data can’t ‘escape’ out of an organisation’s network into the wrong hands, with increased security software and policies put in place. Meaning sensitive personal data or secure business data that is being processed on a daily basis is assumed to be safe, and stored in the right place. But all may not be well.

 

Data leakage is one of those problems organisations might not be aware of unless they go looking for it, or worse, something goes wrong – like a data breach.  Data has a habit of lying quietly in the wrong location and arguably doing no harm, until an event triggers its exposure, causing significant problems.

 

How does data end up in the wrong place though? Unfortunately it is frighteningly simple for employees to inadvertently save data into the wrong place. On their personal drive for example, or simply in the wrong area on a system. It’s extremely common for people to ‘dump’ data outside the database they are using, or to note down personal, sensitive information, that is discussed over the phone, onto service desk systems. If it’s not being sent outside the organisation it’s unlikely to be flagged as an issue. So on the surface there seems to be nothing to worry about and if no one finds it, what’s the problem?

 

We’re not just talking about external malicious actors here, but simple, internal, mistakes, and information being accessed when it shouldn’t be. Someone might go digging around through curiosity, or they might just come across this rogue data. And then there definitely is a problem. With so much of the data processed by organisations such as central and local government being classified as sensitive, and containing the most personal of details – names and addresses, health and financial information for example, this really is the sort of data that no one wants to get into the wrong hands, and the sort of error that can result in hefty fines for the organisation and considerable reputational damage.

 

So how on earth can this problem be addressed? At Aim we have a solution for our clients, and are helping them to locate hundreds of thousands of rogue data references. Clients who didn’t think there was a problem, until they went looking for it.  Using our dataBelt® tool, which sits within our dataEstate® suite of solutions, we are able to very quickly search for and find any and all data as defined by our clients, such as health conditions or financial data, flag exactly where it is located, classify it correctly and move it as required. All with a full audit trail, and of anyone who accesses it, or tries to move or copy it going forwards. Dramatically reducing the risk of data loss, data breaches, fines and reputational damage.

 

 

More:

• For information about our data protection services, please click here.
• Data leakage case study