Louise is nothing if not dedicated to her job. Every night, she religiously loads data onto a USB drive or emails files to her personal account so that she can catch up on work after dinner. Though technically against company rules, nobody seems to care -- and it's for the good of the business, right?
Nearly half of all employees take company data home with them at least once a week, according to a February 2013 survey by Symantec and the Ponemon Institute. One-third of all companies surveyed by Kaspersky Labs last January reported data loss due to staff members losing mobile devices. Though not as insidious as a rogue insider, Leaky Louise could potentially be more damaging -- especially if she works in a highly regulated industry, such as finance or health care.
How to keep them in check: A robust data loss prevention program that encrypts files at rest and on mobile devices is the most thorough way to prevent data spills, says Robert Hamilton, director of product marketing for Symantec's data loss prevention products. If a device is lost or stolen, the encrypted data on it will be useless to anyone else. If an employee goes rogue or tries to take the data with them to another company, you can simply revoke their encryption keys so that they can no longer access the files.
"Aside from technical solutions, the best approach is employee education," he adds. "Most people don't realize what they're doing is wrong, or they think their employers don't care. When you do your annual security awareness training, you need to reiterate that you do care."
It seems like only yesterday you dropped seven figures on software licenses, but there's Sam on your doorstep looking to discuss renewals. When you tell him you're thinking about ditching your on-premises software for a cloud solution, though, the friendly smile fades. Maybe it's finally time for that compliance audit, he mutters darkly.
"The sales guy wants you to believe he's a partner in helping your organization succeed, but the relationship is usually more hostile," says technology attorney Rob Scott, managing partner of Scott & Scott, LLP. "The major software publishers have abandoned the strategy of partnering with customers and instead routinely investigate them for software license compliance."
Sam has a lot in common with his colleague, Hardware Hank. An old drinking buddy of Legacy Larry, Hank will happily extend the renewal on end-of-life equipment because he knows how much Larry hates change. He'll resell you gear he knows you can get much more cheaply direct from the manufacturer -- if only your procurement rules allowed you to do that -- at a 200 percent markup.
"Hank brings nothing to the table," says Howard. "He doesn't touch the product, provide warranty or services, or assist in the deployment. He makes a six-figure salary just by slapping his name on the sale."
How to keep them in check: If you encounter Hardware Hank, run as fast as you can in the opposite direction, suggests Howard.
"If you can't articulate the value a reseller brings, you need to find another reseller," he says.
The best way to deal with Slippery Sam is to secure a written agreement that forgives any past compliance transgressions, says Scott. The best time to do that is right before you sign the check. Then try to move core applications like email or Web hosting to the public cloud, where compliance issues become someone else's headache.