The hidden security problem we all need to know about

If you can anticipate how employees will work, you’ll have a better shot of preemptively preparing for it and protecting your critical data.


Security is something many enterprise users never want to think about, and often forget about, while those who do think about it assume it is running effectively in the background. Unfortunately, the daily stream of breaches shows that burying your head in the sand does not make them go away.

A key way to combat these breaches is to stay as vigilant and up to date on security weaknesses as possible. Unfortunately, we cannot rely on technology vendors to keep us informed or to protect us from every potential issue. Case in point: there is a gap in how Microsoft Windows and Office handle temporary ("tmp") files that has received little attention but that every enterprise should be aware of. While an application is editing a document it writes working copies and recovery files to disk, and those copies do not inherit the protection applied to the document itself. The convenience of features such as document recovery in Word therefore comes with a real security trade-off: the content of a protected file can sit on disk in an unprotected copy.

For example, malware running in the session of a user who has opened an Azure RMS-protected Office file could copy the unprotected temporary working file to another location, such as cloud storage. That bypasses the RMS protection entirely: the copy is guarded only by local controls such as BitLocker in Windows 10 and the Encrypting File System (EFS), and neither is adequate for this threat. BitLocker encrypts the whole volume but decrypts transparently for every process on a running system, so it protects only against offline access to the disk; the tmp file is plaintext to anything running while the user is logged in. EFS encrypts individual files, but it too decrypts transparently for any process running under the owning user's account, so malware executing as that user reads the data in the clear, and any copy that leaves the machine, whether to a website, by email or onto a USB drive, is unprotected.
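As a concrete check a practitioner could run against the scenario above, here is an added example (not part of the original article and not Microsoft tooling) that inventories the working files Office leaves beside documents and reports, from each file's header, whether it is still a readable plaintext Office package or kept a protected OLE container, and whether EFS has encrypted it. An unprotected Office Open XML file is a ZIP package; an IRM/RMS-protected or password-encrypted one is wrapped in an OLE compound file, so the first bytes tell the two apart. The temp-file name patterns, the sample files and the directory layout are constructed assumptions for illustration; the EFS check only reports on Windows, where `os.stat` exposes file attributes.

```python
"""Triage helper: locate Office working/temporary files left beside documents and
report whether each is still a readable plaintext package and whether EFS covers it.
Added example; assumptions are marked in comments."""
from __future__ import annotations

import tempfile
import zipfile
from pathlib import Path

# An unprotected Office Open XML document (.docx/.xlsx/.pptx) is a ZIP package, so
# its first bytes are the ZIP local-file-header signature.  An IRM/RMS-protected or
# password-encrypted document is re-wrapped in an OLE compound file ("EncryptedPackage"),
# whose header signature is different.
ZIP_MAGIC = b"PK\x03\x04"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# Windows FILE_ATTRIBUTE_ENCRYPTED: set on files EFS has encrypted.  os.stat() only
# reports st_file_attributes on Windows; elsewhere the flag is treated as unset.
FILE_ATTRIBUTE_ENCRYPTED = 0x4000

# Name patterns Office commonly uses for owner/lock files and working copies.
# Assumption: representative, not exhaustive; extend for your environment.
TEMP_GLOBS = ("~$*", "~WRL*.tmp", "*.tmp")


def classify_container(path: Path) -> str:
    """Return 'plaintext-ooxml', 'ole-container' or 'other' from the file header."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    if head.startswith(ZIP_MAGIC):
        return "plaintext-ooxml"
    if head.startswith(OLE_MAGIC):
        return "ole-container"
    return "other"


def is_efs_encrypted(path: Path) -> bool:
    """True only on Windows when the EFS attribute bit is set on the file."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_ENCRYPTED)


def find_office_temp_files(root: Path) -> list:
    """Recursively collect files matching any of the temp-file patterns."""
    found = set()
    for pattern in TEMP_GLOBS:
        found.update(p for p in root.rglob(pattern) if p.is_file())
    return sorted(found)


def triage(root: Path) -> list:
    """One dict per temp file.  'exposed' means a readable OOXML package with no
    per-file encryption: anything running as the user can read and copy it."""
    report = []
    for p in find_office_temp_files(root):
        kind = classify_container(p)
        efs = is_efs_encrypted(p)
        report.append({
            "path": str(p),
            "container": kind,
            "efs": efs,
            "exposed": kind == "plaintext-ooxml" and not efs,
        })
    return report


def make_sample_tree(root: Path) -> None:
    """Constructed sample data (not real Office output) mimicking three leftovers:
    a plaintext ZIP working copy, a working copy that kept its protected OLE
    wrapper, and an owner/lock file naming the editing user."""
    docs = root / "Finance"
    docs.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(docs / "~WRL0001.tmp", "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document>Q3 forecast: CONFIDENTIAL</w:document>")
    (docs / "~WRL0002.tmp").write_bytes(OLE_MAGIC + b"\x00" * 504)
    (docs / "~$Forecast.docx").write_bytes(b"jdoe".ljust(54, b"\x00"))


def run_demo() -> list:
    """Build the sample tree in a scratch directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        make_sample_tree(root)
        return triage(root)


if __name__ == "__main__":
    for row in run_demo():
        flag = "EXPOSED" if row["exposed"] else "ok"
        print(f"{flag:8} {row['container']:16} efs={row['efs']!s:5} {row['path']}")
```

Run it against a user profile or a shared documents folder (`triage(Path(r"C:\Users\jdoe\Documents"))`) to see which leftovers are readable packages; the owner/lock files are reported as `other` because they hold the editor's name rather than document content. A file flagged `exposed` is exactly the artefact the paragraph above describes: readable by any process in the user's session regardless of BitLocker, and not covered by EFS.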

So what can be done to keep data from being exposed this way? Encryption can provide strong protection, but only if it is all-encompassing. Data must be secured at every point in its life: when it is created, sent, received, at rest and in use, including while it sits in a temporary file. Consider derivative data as well, the content that results when data is shared or reused. Employees routinely cut and paste parts of one file into another. Someone in finance, for example, may take confidential figures from a protected file and paste them into an unprotected PowerPoint deck. From there the information keeps spreading, and the company not only loses control over it but does not even know where it has gone. Extending protection to derivative works lets you track and secure data throughout its lifecycle, regardless of the format it takes or where it travels.

In addition to these specific practices, there are two overarching strategies that companies should build into their security procedures to better prepare for and protect against threats:

1. Security based on the way users work

To truly secure your organization's data, you need security practices based on the way enterprises really run and the way users really work. Many breaches occur because the computing environment and end-user habits change faster than security technology and procedures can catch up. BYOD and cloud applications, for example, open numerous paths for data to flow in and out of an organization, and companies often no longer own or protect the servers where their data resides. At the same time, the trend toward collaboration, internally and with partners and suppliers, means more data sharing and, with it, greater exposure. Because of these trends the perimeter, once the trusted first line of defense, is no longer adequate to protect data, and organizations remain exposed until they adapt their practices.

Another reality affecting enterprise security is the prevalence of internal breaches. While the media and many companies focus on external hacks, 43 percent of data breaches are internal, according to an Intel study. Often these are accidental: an employee's computer is compromised, or someone inadvertently downloads malware, clicks a phishing link or unwittingly shares protected information. A company that concentrates on external attackers, rather than on how its users actually work, leaves itself open to exactly these breaches.

2. Convenience and security are not at odds

Companies often feel they must choose between convenience and security, but that is a false choice. A security procedure that requires users to opt in or take an extra step often fails, not only because people forget or try to save time, but because it relies on users to judge correctly what needs protecting. A better approach is security that is invisible to users, protects everything by default and does not change the way they work. As a bonus, it also provides a better user experience.

Staying on top of threats such as the exposure of Office temporary files is important but challenging. By focusing on how organizations work today, companies can design stronger security procedures. That means protecting an environment that spans multiple devices, with information accessed and shared in the cloud, on the go, in many formats, inside and outside the organization. What will enterprise computing look like in the future, and how much will IoT devices change the security picture? If you can anticipate how employees will work, you will have a better chance of preparing for it in advance and protecting your critical data.

This article is published as part of the IDG Contributor Network.
