- Uncontrolled employee communications are a major cause of inadvertent and purposeful data leakage. Risks include emails (both external and internal) and hard to control instant messaging. Email and IM can be both monitored and controlled to minimize the loss of customer data and company proprietary information.
- Lack of access control to customer and company private data. Access control is probably the #1 cause of security risks. Knowing who is accessing each type of information and controlling what they can do with it is essential to controlling data loss risk.
- Merchant activities are inherently dangerous. Few businesses these days can avoid taking customer credit cards for the purchase of goods and services. Merchants are required to maintain a secure network, protect cardholder data, check for vulnerabilities, implement strong access control measures, monitor and test networks and maintain a security policy. PCI DSS standards continue to get tougher and all merchants are subject to fines and/or remove of transaction privileges.
- Employee Web usage and Web 2.0 threats present an invisible threat to data loss. These are dangers that did not even exist 10 years ago. Today “what you see” if not “what you get” when it comes to browsing Web sites. Threats include invisible malicious software infections and phishing attacks that steal your personal information. Invisible is the key word and only sophisticated security software can protect against them.
- Uncontrolled access to Web servers is a growing problem caused by the proliferation of Web server access to almost every piece of data in companies. Customer, partner and employee information must be easily accessible externally, but Web servers present many vulnerabilities in their operating systems, applications and login mechanisms.
- Risk of lost or stolen data on mobile devices such as Laptops, smart phones/PDAs and the underlying wireless communications, has been exhibited in many high profile cases. Laptops are frequently lost or stolen, data has been stolen over insecure wireless communications, such as the massive customer credit card data breach at TJ Maxx, and the new generation of smart phones is slowly turning into handheld PCs along with all the data and communications risks of laptops
- Remote Access to workstations and servers and other internal data is a necessary requirement of businesses today with the proliferation of mobile and “at home” workers. But as with other data sources, access must be controlled to those that are authorized and only allowed access necessary information.
- Mobile storage such as 8-16 GB thumb drives, 1 TB external disks, CDs and 50GB DVDs gives every employee the ability to walk away with nearly all your key data. That exposes you to the risk of lost or stolen data. Modern security solutions provide the ability to control what portable storage devices can be used in your organization, whether it is encrypted, and what data can be stored and removed from your organization.
- Contractors, partners and other 3rd parties present another risk of uncontrolled access to your key data. While providing them access is frequently necessary, many solutions exist to control exactly what each group can access using “easy to use” Web browser interfaces.
- Intrusions by hackers are probably the one threat that everyone thought of while reading this topic. While not the main source of threats for most businesses, hackers continue to be a serious threat for businesses. Hackers now focus on specific businesses and look to gain financially. There is a long list of methods for breaking into company networks including vulnerabilities to your firewall, Web servers, desktop operating systems, applications and Web and mail based threats.
- Scalable (affordable) solutions are available to fit nearly every size of company
- Every company’s solutions will be different depending on how each business operates
- Deploy a multi-layer approach to data security along with appropriate security controls where the data is stored, in-transit, or used. In the case of security “belts and suspenders” is a good thing and overlapping security solutions are necessary to reduce the risk from unexpected threats. Companywide DLP solutions include:
- Mail, Web and content security at the internet gateway, server, and endpoint
- Internet gateway application level firewalls and wireless security
- DLP mail and Instant messaging software to prevent communications of important data
- 2-Factor Authentication to ensure the identity of those accessing your data
- Laptop and removable device Encryption for safe transport and storage
- Web surfing and Web server security
- Internal processes and policies
- Get help from security experts.
SUBMISSIONS (THE BLOG ENTERPRISE!)
THE BLOG ENTERPRISE is a subsidiary of Whyte-Hall Communications (http://sites.google.com/site/whytehallcommunications) – Jamaica’s leading virtual-based public relations consultancy that specializes in publicity planning, inclusive of Press Coverage, Media Relations, Corporate & News Photography, and Copywriting for Corporate and Non-Profit’s Newsletters and Blogs. Its President and CEO is Multi-Award Caribbean Journalist, Delroy A. Whyte-Hall.
With a weekly distribution of over 1,500 individuals across a vast local, regional, and international network, THE BLOG ENTERPRISE is published Mondays, Wednesdays, and Fridays, and is distributed via eMail Subscriptionsand RSS News Readers (My Yahoo! Bloglines, Google, Netvibes, Newsgator, and others).
Need to get the word out about your business and non-profit to your target audiences? Send your submissions (notices, media advisories, news releases, profiles, or any other MSME-related information for publication to: firstname.lastname@example.org.