Examples of Data Breach Risk by Contractors and The Countermeasures Using Secudrive
Many security managers are worried about the possibility of a data breach by contractors when sensitive information is shared. As discussed in the previous blog, it is not easy to prevent data breaches by contractors, even though the breaches can cause crucial damage to a business. This blog describes a couple of typical examples where contractors could cause a data breach and suggests ways to prevent a data breach by using Secudrive solutions.
First, let’s imagine this situation: a company extracts customer information from their database and hands it over to contractors as a Microsoft Excel file. The contractors conduct a cold-call marketing campaign with the information, fill out the result of the calls in the files, and return the files to the company. Thousands of customers’ information is stored on every contractor’s PC, but the contractors’ PCs are separated from the company, so the company cannot control and monitor them. A contractor could accidentally send the Excel file as an attachment in an e-mail to the wrong person or deliver it into the wrong hands with malicious intent. In addition, if the company gave the contractors its marketing plan for the campaign, which the company has spent considerable money and time to create, the plan might be copied and delivered to a competitor too.
Second, imagine an industrial machinery company that hires hundreds or thousands of technicians as contractors to conduct a maintenance service for their customers, who are scattered all over the United States. The company should provide manuals related to all their products as well as a price list for all of the parts. The information might contain very important intellectual property and be very sensitive for the competition in the market so that it should not be handed over to the public or a competitor. Therefore, the company cannot help but worry about how the technicians handle the sensitive information in diverse environments. What if a technician loses his or her unencrypted laptop storing the sensitive data? What if the technician copies the files and places them into the wrong hands? What if the technician keeps files even after leaving this job, and hands them over to a competitor? The possibilities are endless.
Secudrive USB solutions could ensure data security in the above two cases.
First, Secudrive USB Office+ is suitable for use in telemarketing. Excel files can be placed onto a Secudrive USB Office+, a copy-protected USB flash drive that enables an administrator to restrict users’ rights for copy, print, screen capture, and network transfer. If all the users’ rights are restricted, users can simply open and edit the files on the USB flash drives. After the telemarketing campaign, contractors fill out the results and return the files to the administrator. If Secudrive USB Management Server is used together with Secudrive USB Office+, you can monitor all users’ activities with the USB flash drives. Even if a user loses a USB flash drive, the data would be secure because it is encrypted by an encryption chip. You can also destroy the data or lock the USB remotely when necessary for information security.
If you want to check the results of a campaign in real time, you can use Secudrive File Server instead. The customers’ information is stored in a file server that is separate from the company’s database, and Secudrive File Server is installed on the file server. Secudrive File Server makes it possible for an administrator to restrict users’ rights for copy, print, screen capture, and network transfer when users use files in a shared folder. Users only open the Excel files and fill out the results of the calls in the shared folder, and the administrator can check on this process in real time.
If users do not need to edit files after distribution, as in the second case, Secudrive USB Copy Protection is an excellent choice. You can restrict users’ rights for copy, print, screen capture, and network transfer when you distribute files with USB flash drives. If you need to update product information or a price list, you can upload the update files onto an update server, and then these files can be automatically updated when the distributed USB flash drives are connected to the Internet. Secudrive USB Copy Protection can utilize general USB flash drives that have serial numbers, making it more cost effective, but this option is less secure because it is encrypted only by a software algorithm instead of an encryption chip. However, you can also destroy the data or lock the USB flash drives remotely.
In both cases, you can update files on the USB flash drives remotely through the Internet after distribution, without the need to deliver a physical CD/DVD every time you update files after distribution. Therefore, distributing the USB flash drives using Secudrive Solutions is much more efficient and cost effective than distributing CD/DVDs using existing solutions.
Secudrive solutions are also very effective in preventing data breaches by contractors who work with sensitive corporate information but cannot be easily controlled under a regular corporate security regulation and system. With Secudrive, you do not need to open a corporate server system that is full of sensitive information. If you select information that you have to open and deliver it to contractors using Secudrive, you do not need to worry about data breaches caused by contractor mistakes or malicious actions.