In recent years, the protection of sensitive information has become mandatory for most companies, regardless of where they are in the world. When developing cybersecurity strategies, organizations don’t just have to define what sensitive data means to them in the context of their sector and national legal framework, but must also consider the three different states data can find itself in:
- Data at rest: static data stored on hard drives that is archived or not often accessed or modified.
- Data in use: data that is frequently updated by multiple users within a network and is very much active.
- Data in transit: data that is being transferred outside the network and subject to third-party services whose security cannot be guaranteed.
Data in transit, also called data in motion, is considered the most vulnerable type of data because it is transferred over the internet, outside the security of corporate networks, through potentially insecure channels such as cloud storage or third-party service providers, to destinations with laxer information security policies in place. Data in motion can also become the victim of Man-in-the-Middle (MITM) cyberattacks that target data as it travels.
However, while data at rest is protected by a company’s cybersecurity strategy and is usually stored locally within the company network, it is still at risk from both malicious outsiders and insider threats. Data at rest is often a more attractive prize for cybercriminals because the volume of information that can be stolen is higher than in data packets in transit. Many of the most spectacular data breaches in the last ten years have involved the theft of data at rest. Malicious insiders also target data at rest when stealing data for the same reason outsiders do: it represents a bigger payday.
Data at rest is also particularly vulnerable to employee carelessness. If someone gains unauthorized access to a work computer or if a company device is stolen or lost, the data at rest on it can be easily accessed and stolen by booting a device using a USB flash drive and bypassing login credentials. This became a particularly relevant issue during the COVID-19 pandemic when most companies were forced to allow their employees to work remotely and take their company-issued devices home with them.
Conventional antivirus software and firewalls are the most common security measures used to protect data at rest. However, these do not guarantee safety from phishing or social engineering attacks that target individuals, tricking them into revealing credentials and sensitive information that can compromise a company’s data security. They also do not protect sensitive data from insider threats. Access control can be an effective measure to reduce the vulnerability of data at rest, allowing only employees who require access to sensitive data to perform their duties to store it locally.
One of the best and easiest ways companies can start protecting their data at rest from employee carelessness is by implementing encryption solutions. Operating systems’ native data encryption tools allow organizations to encrypt employee hard drives, ensuring that, should someone steal or find a company device, they would be unable to access it without the encryption key, even when booting the computer from a USB drive.
Companies can go one step further: to secure data at rest, they can use Data Loss Prevention (DLP) solutions that can block or limit the connection of USBs, mobile devices, or removable storage drives altogether. In this way, malicious USBs cannot be connected to a device to infect it, nor can they be used to boot a computer. Such controls also prevent data exfiltration via storage devices.
Using content inspection and contextual scanning, DLP tools can also search for sensitive data based on predefined or custom content, file name, or particular compliance profiles in hundreds of file types stored locally on employees’ computers. Based on the results, remediation actions can be taken. The sensitive data found can be encrypted or deleted to ensure that it is not stolen or misused. DLP solutions offer a way of controlling sensitive information on employees’ computers remotely, removing it when access to it is no longer desirable, and acting as an additional layer of security in data management.
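The content inspection and file-name scanning described above, reduced to a minimal local scanner as an added example (not CoSoSys code or part of the original article). It assumes a hypothetical policy of two rules, a payment card number pattern validated with the Luhn checksum and a set of sensitive file-name keywords, and runs over constructed sample files instead of a real disk.

```python
import re
from pathlib import Path

# Constructed sample files standing in for a laptop's local storage.
SAMPLE_FILES = {
    "notes/todo.txt": "Call supplier about invoice 2024-0031.\n",
    "finance/customer_cards.csv": "name,pan\nAlice,4111 1111 1111 1111\nBob,4111111111111112\n",
    "hr/payroll_export.csv": "id,amount\n17,4200\n",
}

# Hypothetical policy: a content rule (card numbers, 14-19 digits, optional
# space/dash separators) and a file-name keyword rule.
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,18}\d\b")
NAME_KEYWORDS = ("payroll", "salary", "passport")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so arbitrary digit runs (invoice ids, dates) are not flagged."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:  # double every second digit counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_pans(text: str) -> list[str]:
    """Content inspection: return candidate digit runs that pass the Luhn check."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found

def scan(files: dict[str, str]) -> dict[str, list[str]]:
    """Return {path: [reasons]} for every file that violates the policy."""
    findings: dict[str, list[str]] = {}
    for path, content in files.items():
        reasons = []
        if any(k in Path(path).stem.lower() for k in NAME_KEYWORDS):
            reasons.append("filename matches sensitive keyword")
        pans = find_pans(content)
        if pans:
            reasons.append(f"{len(pans)} payment card number(s)")
        if reasons:
            findings[path] = reasons
    return findings

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_FILES).items():
        print(f"{path}: {', '.join(reasons)}")  # remediation (encrypt/delete) would hook in here
```

Bob's row is a near-miss that fails the Luhn check, which is why the checksum step matters: matching on digit runs alone would flag invoice numbers and create noise that makes the remediation step unworkable.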
It is clear that protecting only one type of data, whether in motion, in use, or both, while ignoring data at rest can lead to disastrous consequences. It is therefore essential that companies look for all-inclusive solutions that deal with all sensitive data, no matter what state it finds itself in.
The above article is authored by Filip Cotfas, Channel Manager, CoSoSys