To better secure high value information and prevent any leakage, organisations should consider investing in information rights management (IRM).
IRM refers to an IT security technology that protects documents, spreadsheets, presentations or other files created by individuals that contain sensitive or confidential information from unauthorised access.
It achieves this by embedding encryption and user permission into these files directly, thus protecting them from being viewed, copied, forwarded, deleted and edited without permission.
Such protection remains applicable on these files even when they are shared with third parties or the information owner is away from the organisation network.
This means that regardless of where they are accessed and as long as the information owner can determine who has the rights to these highly confidential information, files that are sealed by IRM are usually secure throughout their entire lifecycle.
As part of their information security measures, organisations can establish and employ their own IRM rules in their operations and systems in accordance with data security, governance requirements and compliance.
Doing so can help prevent high value information from being stolen and misuse by cyber criminals, thereby avoiding consequences that can debilitate organisations including financial loss, reputation damage, lower consumer confidence and brand erosion.
IRM can also allow proper file controls to ensure that information is not exposed accidentally by employees, whether via personal file sharing applications and unencrypted e-mails or resulting from their failure to delete confidential documents where required and forwarding of files to unauthorised parties.
Despite its advantages, the security technology has its limitations. In a McAfee blog post on IRM, Ajmal Kohgadai noted that one complaint concerning IRM solutions is that a specialised IRM software must be installed to be able to open any IRM-protected file.
“For this reason, many enterprises seek to limit IRM protection only to files that require protection based on their content,” he wrote.
Additionally, while it provides security when high value information is being shared, there are still loopholes that render the use of the technology ineffective.
“A simple hand-held camera (or a smartphone) can capture an image of a file with IRM protection. Most Apple computers can also negate IRM benefits with a simple click of Command-Shift-4 combo that enables screen capture. Likewise for third party software that provide screen capture capabilities,” stated Mr Kohgadai.