March 31st, 2022
Spring Cleaning: Digital Dust Bunnies - WST
Spring has officially sprung! If you are like us, you are swapping out closets for lighter clothing and beginning an annual “spring cleaning” of the home. But why stop at the house? What about peeking into your virtual closets to see if there are digital dust bunnies ready to be swept away? If it has been a while since you did so, then this tip is for you.
Depending on browser settings, you may have workstations set up to download PDFs instead of opening them directly in the browser. Your users could be going to the default download location (the user’s “Downloads” directory for Microsoft Edge and Google Chrome) and opening the PDF document from there instead. For users who review PDF reports through a hosted application, this could amount to a rather large pool of PDFs containing both customer non-public information (NPI) and your institution’s confidential information. Those sensitive documents now reside on the user’s system and are potentially available to a threat actor who may have even the least amount of permission in your environment.
The good news is that this exposure is also easily preventable. To start, you will want to consider a formal deployment of browsers, such as through a Group Policy Object (GPO) or third-party tools. When doing so, be sure to check whether PDF documents are set to open in the native browser as opposed to downloading directly to the workstation. Next, consider changing the default download location to a protected location on a file server instead of saving locally. This way, you have an extra layer of protection in NTFS permissions, and a centralized place to target for periodic cleanup.
If you prefer to allow local downloads or simply want a safeguard in place, there is now a native feature in the Windows 10 operating system that can automatically purge target folders after a specified number of days and user activity. Simply type “Storage Sense” in the search bar to access it. To ensure protection and provide rapid deployment, you may consider a GPO here as well.
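Before changing any settings, it helps to see how many PDFs have already piled up. The PowerShell script below is an added example, not a WST tool: it counts PDFs older than a threshold in each profile's Downloads folder on one workstation and shows the Chrome and Edge policy values that control PDF handling. The 30-day threshold, the C:\Users profile root and the default (non-redirected) Downloads path are assumptions.

```powershell
# Added example: stale-PDF audit for one workstation (run elevated to read all profiles).
# Assumptions, not from the article: 30-day threshold, C:\Users profile root,
# and Downloads left at its default per-profile path (no folder redirection).
param(
    [int]$MaxAgeDays = 30,
    [string]$ProfileRoot = 'C:\Users'
)

$cutoff = (Get-Date).AddDays(-$MaxAgeDays)

# 1. Summarize PDFs older than the cutoff in each profile's Downloads folder.
$report = foreach ($userDir in Get-ChildItem -LiteralPath $ProfileRoot -Directory -ErrorAction SilentlyContinue) {
    $downloads = Join-Path $userDir.FullName 'Downloads'
    if (-not (Test-Path -LiteralPath $downloads)) { continue }

    $pdfs = @(Get-ChildItem -LiteralPath $downloads -Filter '*.pdf' -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -lt $cutoff })
    if ($pdfs.Count -eq 0) { continue }

    [pscustomobject]@{
        Profile   = $userDir.Name
        StalePdfs = $pdfs.Count
        TotalMB   = [math]::Round(($pdfs | Measure-Object -Property Length -Sum).Sum / 1MB, 1)
        Oldest    = ($pdfs | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
    }
}
$report | Sort-Object StalePdfs -Descending | Format-Table -AutoSize

# 2. Show the machine-level browser policies that decide where PDFs end up.
#    AlwaysOpenPdfExternally = 1 makes the browser download PDFs instead of
#    using its built-in viewer; DownloadDirectory overrides the save location.
$policyKeys = [ordered]@{
    'Google Chrome'  = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
    'Microsoft Edge' = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
}
$policies = foreach ($browser in $policyKeys.Keys) {
    $p = Get-ItemProperty -Path $policyKeys[$browser] -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Browser                 = $browser
        AlwaysOpenPdfExternally = if ($null -ne $p.AlwaysOpenPdfExternally) { $p.AlwaysOpenPdfExternally } else { 'not set' }
        DownloadDirectory       = if ($p.DownloadDirectory) { $p.DownloadDirectory } else { 'not set' }
    }
}
$policies | Format-Table -AutoSize
```

The script only reads; it deletes nothing, so the output can be reviewed before any cleanup or policy change is rolled out.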
The misuse of data can upend corporate and brand reputations, and tarnish employee and customer relations. As stewards of sensitive data, it is our duty to offer responsible management and ensure protection, which is essential for competing in the digital era.
Authored by: Ben Caruso