In early March, email scam artists tricked an employee at data storage giant Seagate Technology into giving away tax documents on all current and past employees. W-2 forms containing employee social security numbers, salary, and other personal data, are now in the hands of thieves who can file phony tax returns with the IRS and state governments. It is estimated that between 2,000 and 10,000 employees are impacted.
The solution to email scams can be found in Enterprise Digital Rights Management. While you may often think of Enterprise Digital Rights Management as the way to control information in-transit and at-work, especially for external collaboration, persistent file-centric security is also the ideal solution for protecting information at-rest.
If Seclore’s Enterprise Digital Rights Management solution had been in place, the W-2 files would have been ‘seclored’ prior to being emailed meaning that the rights would have been set so that only the CEO could access them. As well, the Seclore solution would have been able to set rights so that the files could only be opened on the CEO’s device or at least only within the corporate network. Therefore, even if the email scam artist ‘received’ the file containing the W-2s, they wouldn’t have been able to open them.
The breach at Seagate is similar to a recent attack at a Financial Regulatory Authority where a ransomware attack was thwarted because sensitive data at rest on a server had been ‘seclored.’ The ROI on this investment in Enterprise Digital Rights Management was achieved in less than six months. Luckily they had Seclore in place!