Careless Talk Costs Revenue

The perils of sharing confidential corporate information with family and friends

The threat to the security of information is continually evolving. More effective attack technology and techniques, coupled with more information being stored and shared on a variety of media, mean that data continues to be more and more exposed. This exposure is heightened further by the increasing trend towards disclosing confidential corporate information outside the physical 'boundary' of the workplace. How significant an issue is this? Who are the key players? Crucially, what are the available security procedures and guidelines to protect data in this situation?

Securing information - whether it is used inside or outside the workplace - requires more than a set of rules, agreements and policies. Responsibility and awareness on the part of the custodians and users of that data are critically important. Many data leakage or loss incidents involve authorized personnel with access to the information with the permission of their company. These unwitting leakages occur on a daily basis within elevators, coffee shops, restaurants, bars and other social events like weddings. These are scenarios in which this sensitive information is often used for personal leverage. In essence, we are talking about human nature.

The ultimate scenario of this kind is the sharing of such information within a family environment. This is an environment conducive to information leakage simply because it is seen instinctively as a 'safe' place outside of the closely-controlled corporate sphere in which there is generally no limitation to the sharing of information and little, if any, thought is given to the impact of its disclosure by either the givers or receivers of the information.

Family and friend circles, perhaps understandably, often give no consideration to the expanded social networks they are part of, and with whom they share often highly valuable and sensitive material. In today's digital and social media world, everyone has access to tens or even hundreds of friends and family, and many thousands of other 'acquainted' individuals, all of whom in turn have access to their own multitude of social networks. A seemingly innocuous or flippant comment concerning sensitive corporate information can be transmitted via social networks and travel anywhere in the world instantly, becoming public knowledge with no malicious intent. Our inability to measure the size of social networks, which have no defined boundaries, increases the risk of leakage and decreases the ability to effectively monitor, control or mitigate it.

Another blurring of the corporate and personal environment which adds to the risks is the increasingly common practice of 'working from home'. The home 'office' is not, and cannot be, subject to the same corporate security resources and controls, and is consequently not equipped to securely receive and work with sensitive information. Home systems and networks - as well as the transmission of confidential information between them and their corporate equivalents - present an easy target for interception.

However, this is not simply about a lack of thought or integrity on behalf of individual employees. Companies must bear the responsibility of increasing awareness and clearly defining and communicating codes of conduct amongst their workforce. This requires new measures being bolted onto existing guidelines and mechanisms around conduct, information classification, monitoring and other key elements. The enforcement of controls should be permanent, comprehensive, continuous and supported by top management. Penalties and disciplinary measures must be clear to create a culture of accountability and carefulness in respect of how confidential information is used.

We live in a world of flexible working patterns and one where information can be accessed, transmitted and shared instantly across the globe using a plethora of high-speed networks and social media channels. As technology continues to move forward, so does the risk of data theft or leakage, both intentional and accidental. It is crucial that companies look outside of their workplaces to ensure that their people understand the risks of sharing sensitive corporate information in their personal lives, and think twice about what they say and to whom. Careless talk might no longer cost lives, but it can still cost a great deal.

By Leandro Augusto Marco Antonio, Luciano Prado Reis Nascimento