Real World Information Management Use Case: Identifying Internal Breaches

This article is one of a four-part series presenting real world use cases of information management solutions like M-Files. Check out the other three here:

When we think of data breaches, we think of nefarious hackers located in a dingy basement halfway around the world who want little more than to extort money. While some cybersecurity events do fall under that umbrella, an incredible 40% of breaches still occur the exact same way: as a direct result of the actions of your employees.

Yes, sometimes it’s as simple as someone clicking on a link in a suspicious email that they shouldn’t have, thus exposing your infrastructure to ransomware or some other type of malware. But never forget that disgruntled employees walk away with key information all the time.

Employee data theft is such a significant issue that one recent report indicated that about 49% of ex-employees admitted to logging into an account after leaving their company. 45% of those people say that they retained access to confidential data, even though they knew they weren’t supposed to. If you needed two statistics to help underline what a serious issue employee data theft is, let it be those two.

But the issue isn’t limited to files that you have sitting on a local hard drive somewhere. Along with confidential data, an estimated 88% of employees actually retain access to file-sharing services they used at their old job, according to the same study mentioned above. This includes not only Dropbox and Google Drive, but also SharePoint, Box, and more. Unfortunately, this is also something of a self-inflicted gunshot wound, so to speak. About 60% of employees who had a personal cloud login say that they were NOT asked for their password when they left their companies. Organizational leaders had a simple, effective step to stop this problem in its tracks and they just… didn’t take it.

When the System Breaks Down: Identifying Internal Breaches

All told, there are a few core reasons why most internal breaches occur — and the right information management solution like M-Files can help protect against every single one of them.

Maybe the most pressing of these issues in the modern era has to do with BYOD or “bring your own device” environments. More businesses than ever are allowing employees to use their own smartphones and tablets at work, which is great. But if you don’t have a system in place to wipe those machines and remove access if an employee leaves — or if that device should happen to be lost or stolen — you have a potentially massive vulnerability on your hands just waiting to be taken advantage of by someone who knows what they’re doing.

This demonstrates the issue of poor information security in general — something that a lot of companies deal with. Their technology policies simply don’t have hard and firm rules in place for what happens to accounts, information, and other assets if an employee quits or gets fired — creating chaos when that day eventually comes.

Likewise, a lot of organizations are dealing with a major lack of control over personal file-sharing to begin with. If an employee is using their personal Dropbox account to share important work information, it’s hard to maintain visibility over what is being stored in that directory. It’s even harder to get to that point if you’re unaware that they’re doing it, to begin with.

It all speaks to a larger issue with two prongs:

  1. Storing content in multiple repositories, either by choice or by default
  2. Lack of visibility, making it simple for an employee to hijack all of the data they want upon departure

If Sam saves all of his documents on his laptop, he has ample opportunity to take all of those files and transfer them to a thumb drive. And let’s not kid ourselves, it’s not so hard to do in a cloud file storage account either. A lot of businesses don’t really have a way of being notified of a potential breach like this in the first place. They don’t know who has access to what and where it’s stored, making an internal breach no longer a matter of if, but when.

Enter: M-Files

Thankfully, an intelligent information management platform like M-Files can help address all of these concerns one-by-one. For starters, it brings all information together in a central repository — regardless of where information is stored or who created it. This means that even if files are saved in multiple locations — like network shares, CRM, ERP, Dropbox and more — at the very least you know what you’re dealing with and where everything is. This level of visibility allows you to make better and more informed decisions.

Likewise, consider the example where a staff member who has been fired is trying to bulk download a large number of documents before they’re not allowed back in the building any longer. With M-Files, if an employee tries to access and/or download a certain number of documents in a short time period, all of the appropriate personnel are notified immediately. This puts your IT team in a position to figure out what is going instantly, all in the name of allowing them to stop it before things get out of hand.

Also, M-Files includes a number of unique features like dynamic permissions that mitigate which sensitive information is accessible to employees. Remember that M-Files manages everything based not on where it is, but on WHAT is in the file in question. This means that you can automatically limit access to certain types of files or even entire directories to those who need it to do their jobs.

So, if an employee were to suddenly leave your company, you can use M-Files to remove their permissions instantly. However, their access to sensitive information would, by default, be limited in the first place.

In the end, an information management platform like M-Files represents an invaluable opportunity for firms of all types to lock down access to any and all information. All of this brings with it the most important benefit of all: the peace-of-mind that your confidential information is going to stay that way, no matter what happens… minimizing the risk of a breach and protecting your reputation.