{"id":43244,"date":"2022-01-04T15:44:19","date_gmt":"2022-01-04T20:44:19","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=43244"},"modified":"2022-01-04T15:44:19","modified_gmt":"2022-01-04T20:44:19","slug":"pii-protection-endpoint-cloud","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/pii-protection-endpoint-cloud\/43244\/","title":{"rendered":"Do you know how your employees are processing PII?"},"content":{"rendered":"<p>Many regions around the world now have local laws regulating the processing and storage of <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/personally-identifiable-information-pii\/\" target=\"_blank\" rel=\"noopener\">personally identifiable information (PII)<\/a>. That\u2019s in addition to the GDPR (General Data Protection Regulation), with which every company handling EU residents\u2019 data in any way must comply.<\/p>\n<p>Large organizations have relatively clear strategies for complying with all of those laws and regulations. Typically, they give an employee \u2014 a data protection officer (DPO) \u2014 the responsibility of ensuring compliance with the rules on processing personal data, and they allocate sizable budgets to the development of internal regulations and for conducting regular audits. However, a lack of resources can make compliance more challenging for small organizations.<\/p>\n<h2>Human factor<\/h2>\n<p>The problem most often lies with employees, not all of whom are as careful as they should be with other people\u2019s personal data. That carelessness can lead to unintentional leaks.<\/p>\n<p>Consider one common scenario: employees who deal with PII daily storing scans containing personal data in a corporate shared environment. From their point of view, they\u2019re simply uploading data to the company\u2019s OneDrive or SharePoint directories. Strictly speaking, their actions do not constitute a leak, but they have made the data accessible to colleagues who may not be appropriately trained to work with such information and who therefore should not have access to it.<\/p>\n<p>The problem is not that these colleagues will necessarily allow a data leak to occur. However, thinking that they do not have access to any supercritical or confidential information, they may accidentally leave their work laptop unsupervised from time to time. Furthermore, if the organization experiences an unrelated data leak incident, a surprise audit of its data processing and storage practices \u2014 and, potentially, hefty fines for allowing broad employee access to customers\u2019 or employees\u2019 personal data \u2014 may follow.<\/p>\n<h2>How to minimize the risk of personal data landing in shared access<\/h2>\n<p>The simplest way to keep personal data out of shared storage is to monitor whether employees use business collaboration tools to transmit such data. That is to say, you need to understand exactly what employees are sharing, where they store the information, and whether they share links to it with anyone outside the organization. In theory, you need a separate <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/data-loss-prevention-dlp\/\" target=\"_blank\" rel=\"noopener\">DLP<\/a> solution to do that, but not all businesses have the resources for one. There is an alternative, though.<\/p>\n<p>The Data Discovery feature in our latest <a href=\"https:\/\/www.kaspersky.com\/small-to-medium-business-security\/cloud?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kescloud___\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Endpoint Security Cloud<\/a> solution is an excellent option for any organization that uses Microsoft 365 services for collaboration. Data Discovery detects files containing PII or bank card data, clearly shows its location, and provides additional context\u00a0\u2014 independent of whether the information is stored in a structured or unstructured format.<\/p>\n<p>Although the feature currently operates only with German, Italian, and American document formats, we are continuing to refine it. We expect the product to support detection of other countries\u2019 documents in the near future.<\/p>\n<h2>Control over alternative collaborative tools<\/h2>\n<p>We know that employees may sometimes go further and upload important corporate information onto third-party cloud services. In other words, they may be storing data in places and with tools whose security IT does not control.<\/p>\n<p>We therefore recommend that you start by clearly explaining to your employees that they must not use third-party cloud services for confidential or sensitive data. Then, monitor all use of cloud services and block them as needed. Another feature in <a href=\"https:\/\/www.kaspersky.com\/small-to-medium-business-security\/cloud?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kescloud___\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Endpoint Security Cloud<\/a> \u2014 Cloud Discovery \u2014 can help there.<\/p>\n<p>The Cloud Discovery and Data Discovery features supplement <a href=\"https:\/\/www.kaspersky.com\/small-to-medium-business-security\/cloud?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kescloud___\" target=\"_blank\" rel=\"noopener nofollow\">our solution's<\/a> standard protection mechanisms. Thus, it not only protects companies from external cyberthreats but also makes compliance with personal data protection laws and regulations easier.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kes-cloud\">\n","protected":false},"excerpt":{"rendered":"<p>Can you be sure your employees are working responsibly with personally identifiable information?<\/p>\n","protected":false},"author":700,"featured_media":43245,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[2013,961,2173],"class_list":{"0":"post-43244","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-gdpr","10":"tag-leaks","11":"tag-pii"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/pii-protection-endpoint-cloud\/43244\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/pii-protection-endpoint-cloud\/26017\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/pii-protection-endpoint-cloud\/10417\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/pii-protection-endpoint-cloud\/15660\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/pii-protection-endpoint-cloud\/27668\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/pii\/","name":"PII"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/43244","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=43244"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/43244\/revisions"}],"predecessor-version":[{"id":43247,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/43244\/revisions\/43247"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/43245"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=43244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=43244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=43244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}