If you think that the tangle of Cat5 in your server room is a mess, wait until you look at your network drive file structure. Licensed from Stock Exchange.
This is the seventh post in a series about data breaches you can prevent. We’ve covered Phones and Personal Computing Devices , Your Browser, Your Inbox, Your Thumb and External Drives, Your Old Computer, and Your Cloud Backup . Finally, we’ll discuss Your Network Drives.
Most companies have an internal corporate network with one or more shared network drives. If your company network drive is typical, it’s a layered mess of multiple naming conventions, files from employees who haven’t been around for years, and old documents with unrecognizable file extensions. Frankly, it’s impossible for anyone to know exactly what’s there.
Sometimes breaches happen when the internal network is not properly segregated. Only individuals or departments with a “need to know” should have access to sensitive information. The Human Resource department should never have access to trade secrets, while the R&D department shouldn’t have access to HR data. The Executive team should have access to confidential client information, while that information might be best kept away from the Sales department.
Aside from inappropriate network segregation network drives, like all computer devices, are eventually replaced. Old hard drives are sometimes donated to schools, sold on Ebay, thrown away, recycled through Best Buy or a similar program, or just stored and forgotten.
Several researchers, including Simpson Garfinkle, have demonstrated that with a small budget you can recover hundreds of thousands of pieces of personal information from used hard drives. Like other computing devices, old network drives must be scanned and completely wiped of all sensitive personal information before they leave your possession.
Remember the fundamentals rules of all data breaches: 1. If you don’t have it, you can’t breach it. 2. Old, forgotten data is dangerous data. Regularly scan these seven types of devices for personal information so that your next breach doesn’t originate from your own computer.
Article first published on Security Catalyst.