The biggest risk to modern organisations isn’t always a fraudster or cyber criminal halfway across the world; in many cases, it’s an employee. Research shows that between 2018 and 2020, there was a 47% increase in the frequency of incidents involving insider threats, and 66% of organisations consider malicious insider attacks or accidental breaches more likely than external attacks.
At the same time, as organisations move to consumer-grade cloud collaboration and storage platforms to support remote working during the Covid-19 pandemic, employees have more access to sensitive data than ever before. For instance, a Varonis report discovered that 17% of all sensitive files were accessible to every employee.
The situation is made more complicated by the fact that many companies store their documents in a single shared drive, where it quickly becomes difficult to distinguish what information is and isn’t sensitive in nature.
With so many sensitive files readily available to employees and a lack of clear user access controls, there is a substantial risk of data breaches and data privacy violations that lead to disastrous financial and reputation consequences.
Why Organisations are Struggling to Control Access to Data
Many organisations are struggling to control access to their data because they rely on cloud collaboration platforms and shared drives to share information. Many solutions like Microsoft Teams and Slack don’t encrypt messages end-to-end, which means that privileged users, admins and the vendor can all view sensitive messages and files.
In addition, user access controls that rely only on an email address and password to authenticate users are ineffective at keeping unauthorised users out of sensitive files and folders, and every member of the team ends up with access to some, if not all, of the data stored in the solution.
In other words, all a user needs to do to gain access to “privileged” information is to take over a user account through brute forcing, phishing, or credential stuffing, and they can then exfiltrate the data on the platform.
Phishing scams are one of the most significant threats because it only takes one successful attempt for an attacker to obtain an employee’s login credentials. For example, last year cyber criminals used phishing emails that imitated Microsoft Teams’ automated notification emails to trick employees into disclosing their Microsoft Office 365 login information so they could steal the victim's private data.
The Solution: End-to-End Encryption and Zero Trust Access Control with the HighSide Platform
Modern organisations need streamlined, centralised and secure communications platforms to collaborate effectively, and the most effective way to provide this is with a cloud collaboration platform that offers secure end-to-end encryption with the HighSide Distributed Authentication Encryption and Authentication Protocol (HEAP).
HEAP encrypts all messages and files sent through the HighSide platform and provides each user with a unique cryptographic private key that's stored in their end-user application. Users' private keys perform a handshake with each other to determine whether they can access the message content. This means that no unauthorised employees, third parties, or admins can read the message content.
The HighSide platform's SecureDrive enables users to store files safely with admin-approved granular user access controls that guarantee only authorised users in authorised locations on authorised devices can access sensitive files and data.
For example, administrators can implement geolocation and time-based restrictions so that authorised users can access private information only when they’re in an approved location on a trusted device. Administrators can also integrate the platform with external identity management solutions like Active Directory to create access rules that control who has access to sensitive files.
This approach not only reduces the chance of a data breach involving your mission-critical data but also ensures that you stay compliant with CMMC, ITAR, GDPR, SEC, FCA, and HIPAA regulatory requirements.
HighSide’s Approach to User Authentication: Zero-Trust
The HighSide platform uses a Zero-Trust approach, in which an administrator gives an employee a signup token via email. When the employee uses the signup token to access the platform, their client generates a key and supplies it to the server. Other users then use this key to authenticate the user.
In the HighSide platform, all users are cryptographically signed by an administrator, preventing unauthorised users from accessing sensitive information or hackers from modifying existing contacts. The system won't accept any spoof accounts that aren't approved by an administrator.
Employees can also verify other users on the platform by checking that their user address is the same in their client as it is in the other user’s. This Zero-Trust approach provides a mechanism for verifying that privileged users are actually the users themselves, rather than an impersonator or a hacker.
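The signup and contact-verification flow described above, as an added example that is not HighSide's code (HEAP's real message formats are not documented on this page): the administrator's signing key approves each client-generated key at token redemption, and a client trusts a contact only if the administrator's signature over that contact's address and key verifies. `IssueToken`, `Redeem`, the in-memory token table and the NUL-separated signing layout are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
)

// Contact is a directory entry: the admin's signature binds a user address to
// the public key that user's client generated at signup.
type Contact struct {
	Address  string
	PubKey   ed25519.PublicKey
	AdminSig []byte
}

// tokens is hypothetical server state: outstanding signup token -> invited address.
var tokens = map[string]string{}

// signedBytes is what the admin signs: address, NUL separator, public key.
func signedBytes(address string, pub ed25519.PublicKey) []byte {
	return append([]byte(address+"\x00"), pub...)
}

// IssueToken mints the single-use signup token the administrator e-mails to a new user.
func IssueToken(address string) string {
	raw := make([]byte, 16)
	rand.Read(raw)
	tok := hex.EncodeToString(raw)
	tokens[tok] = address
	return tok
}

// Redeem consumes the token the client presents with its freshly generated public key
// and returns the admin-signed entry; unknown, replayed or malformed requests fail.
func Redeem(adminPriv ed25519.PrivateKey, token string, pub ed25519.PublicKey) (Contact, error) {
	address, ok := tokens[token]
	if !ok || len(pub) != ed25519.PublicKeySize {
		return Contact{}, errors.New("unknown token or malformed key")
	}
	delete(tokens, token)
	return Contact{address, pub, ed25519.Sign(adminPriv, signedBytes(address, pub))}, nil
}

// VerifyContact is the client-side check: trust a contact only if the admin's signature
// over its address and key verifies, so spoofed accounts and swapped keys are rejected.
func VerifyContact(adminPub ed25519.PublicKey, c Contact) bool {
	return ed25519.Verify(adminPub, signedBytes(c.Address, c.PubKey), c.AdminSig)
}
```

A contact signed by any key other than the administrator's, or whose address or key was altered after signing, fails `VerifyContact`, which is the property that blocks spoofed accounts and tampered contacts.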
End-to-End Encryption and Zero Trust Access Control: The Essentials for Controlling Access
Restricting access to sensitive files is something that every organisation should be doing, but many aren't. End-to-end encryption and zero trust access control are now the bare minimum needed to protect sensitive information. TLS encryption and basic user access controls offered by cloud collaboration platforms simply aren't sufficient.
The HighSide platform provides organisations with everything they need to maintain security and control over their data, while also ensuring that their data remains available and useful to authorised employees.
Want to protect your files from unauthorized employees? Try the HighSide platform today.