Are you doing enough to prevent data loss?

As the volume of information that organisations have to process and store keeps snowballing with each passing year, how many companies can honestly claim that they’ve got a grip on the security of all of the confidential data that they hold?

There are well documented cases of data loss within the retail sector, financial services and even government organisations – but how would such a data loss affect your business?  It can be a scary exercise assessing what a data loss incident could cost your own organisation.  The direct costs of rectifying an incident and paying any penalties or compensation could be damaging enough.  However, it’s often the less easily calculated costs that can be even more of a problem.  How many existing customers could decide to move their business to one of your competitors and how many potential new customers could be put off working with you?  In today’s economic climate, who can afford to give customers any excuse to go elsewhere?

The complexity of the typical IT environment only makes data security more difficult.  If organisations had a single data store, it would be a lot easier to keep data secure – but that’s not the reality of where organisations are today.  Multiple islands of data, using products from multiple storage vendors, are the reality for almost all organisations.

In addition to the rising volume of data, the growth in mobile working introduces further issues that have to be addressed if data is to remain secure.  Laptops, PDAs and pocket-sized memory devices all have the potential to compromise security.

Accidents happen

Doing nothing or simply carrying on with 5 year old practices is not a realistic option.  New technologies and faster broadband speeds have made it easier for colleagues to share and collaborate.  However, these same technological advances have also introduced new security risks.

The good news is that Data Loss Prevention (DLP) can be addressed.  However, before you can go about improving data security, there are some key questions that have to be answered:
• Do you know where all confidential data is stored?
• Do you know who accesses it… and what they’re doing with it?
• Do your personnel know what is expected of them with regard to data security?

Recent estimates suggest that 80% of data security breaches are accidental.  While it’s reassuring that incidents of employees deliberately trying to ruin their employer are relatively rare, it’s concerning that such a high proportion of security breaches result from simple mistakes.  I believe that this one statistic is enough to prove the case for placing a great deal of emphasis on educating employees about the risks and the procedures that need to be followed.

Define… Educate… Monitor

Far from being rocket science, DLP is largely a matter of devoting sufficient thought and effort to defining policies that are right for your organisation.  Then, it’s a case of educating personnel on the procedures, proactively monitoring security and ensuring that your solution is flexible enough to respond to new threats.  DLP technology can help to make the whole process a lot easier – automatically discovering sensitive data, monitoring its use, reminding personnel about security when it looks like a data security breach is about to be committed and even directly preventing the transmission of specific key information.

The rise in the importance of Chief Information Security Officers and Risk Management teams within typical businesses proves that there’s a need – and a greater desire – to keep data secure.   Implementing a flexible DLP solution is vital – as no one knows where tomorrow’s technological advances will take us… and what new risks they may introduce.

How comfortable are you with your organisation’s Data Loss Prevention policy?