With organizations holding more and more data digitally, there is an increased need to ensure data remains accessible across the organization at any given time. To that end, many organizations use tools that synchronize the organization’s data across various databases, applications, cloud services, and mobile devices, which involves updating data in real-time or at scheduled intervals to ensure that changes made in one location are reflected in all other locations where the data is stored. Data syncing ensures that the organization’s data is consistent and up to date across different systems, devices, or platforms.
For organizations, data syncing improves collaboration among employees, allows real-time access and updates to information from multiple devices, and fosters seamless teamwork, irrespective of location or the devices being used. Consistent data across devices reduces the risk of errors, discrepancies, or outdated information, improving the accuracy and reliability of data used for decision-making and reporting. Data syncing also facilitates data backup and recovery, which allows quick recovery of data in case of misplaced or malfunctioning devices. Overall, data syncing helps organizations operate more efficiently, make better decisions, and protect their data, ultimately leading to improved business performance and competitiveness in today’s digital age.
While syncing devices provide seamless integration and accessibility across multiple devices, organizations must be mindful of the potential data privacy and security risks, which are illustrated by a recent experiment conducted with syncing accounts.
In this experiment, a digital forensic team logged into the same syncing account on a smartphone and a laptop, and the team disabled the sync option on both devices. By doing so, text messages—for example—that are sent and received on one device should not appear on another device with the same syncing account. Despite this, the forensic team reported that they were still receiving incoming messages on both the phone and the laptop. Aside from logging out of the syncing account entirely, the team was unable to locate a method to completely disable message syncing.
Setting aside the accuracy of the experiment itself and whether the devices used were properly updated, this experiment underscores the broader implications for organizations that fail to actively manage their data syncing programs.
Key Takeaways
Verify that sync settings are functioning properly. It may be tempting for an organization to set up a robust data syncing tool and simply assume that it is working as intended. This strategy—as illustrated by the experiment—can lead to unintended results that can put the organization at significant risk. If an employee with access to sensitive personal information transfers to a new position at the organization—where such access is no longer required—an improperly configured data syncing tool could permit this employee to continue to have sensitive personal information available on their devices, which could lead to significant unauthorized access and potential use of that data. Periodic audits of data syncing tools can help manage this risk and ensure that data syncing features are working as intended.
Address data privacy and security concerns. Data syncing across an organization’s devices will, in turn, increase the number of devices that potentially contain confidential information, which creates substantial data privacy and security risk. These new devices will expand the organization’s data breach footprint and require updates to data mapping assessments (e.g., due to having more locations where confidential information is stored). Syncing can also inadvertently cause data to be transferred to devices that are not compliant with certain legal or regulatory frameworks (e.g., syncing protected health information to a mobile device that lacks encryption). While ensuring that the software’s data syncing features are working as intended, the organization should also ensure that it has robust policies and procedures in place to regulate how data is created, shared, and stored on the organization’s devices.
Take care when employees depart. Data syncing features can also present issues when handling employees that depart from an organization, as these employees could potentially use their company-owned or personal devices retain the organization’s data and continue to receive that data on a going-forward basis. Take an employee, for example, that has syncing enabled on their laptop belonging to the organization, that employee’s employment with the organization ends, but the employee refuses to return the laptop to the organization. Assuming the laptop does not have remote wipe capabilities, even if the company disables syncing on the former employee’s laptop, there is a potential risk that the organization’s data could continue to be transmitted to the former employee’s laptop—long after the employee is no longer authorized to access this data. As a result, it is important that the organization implements appropriate safeguards to secure the organization’s confidential information from unauthorized access, including implementing the ability to remotely wipe a device holding the organization’s data, as well as clearly delineating the process for ensuring that a departed employee no longer has access to the organization’s data.
While data syncing tools provide significant value and convenience, it is important for organizations to carefully consider the risks associated with data syncing and take thoughtful, proactive steps to mitigate this risk.