The increasing use of technology in every company has made protecting key digital assets almost impossible. Yet nearly every company’s value (large or small) is tied to and dependent on the protection of key intellectual property, customer data, and proprietary company information.
The risks are high. Nearly 250 million data records containing sensitive personal information have been exposed in security breaches in the U.S. since January 2005, according to the Privacy Rights Clearinghouse. Yet it is almost impossible to control the access, use, or removal of key data, or what experts call data leakage. What’s worse is that most companies have few, if any, programs in place to minimize the risk of data leakage. Listed below are recent examples of high-profile companies that have exposed sensitive data due to security breaches.
According to a 2008 IDG survey, 63% of all data leaks come from accidental mishandling of data by employees. So how do companies keep private data where it is supposed to be, inside the company? Unless data is locked in a vault with no access to the Web, email, employees, remote workers, customers and mobile devices, company assets are at risk of being lost, stolen or corrupted. Along with those risks comes negative public exposure due to compliance regulations, fines, and lost customers and productivity.
10 Ways Data Can Leak Out of Your Business
Here are 10 threats that nearly every business has regardless of company size, products or markets. See how many of them you are protected against.
- Uncontrolled employee communications are a major cause of inadvertent and purposeful data leakage. Risks include emails (both external and internal) and hard-to-control instant messaging. Email and IM can both be monitored and controlled to minimize the loss of customer data and company proprietary information.
- Lack of access control to customer and company private data. Access control is probably the #1 cause of security risks. Knowing who is accessing each type of information and controlling what they can do with it is essential to controlling data loss risk.
- Merchant activities are inherently dangerous. Few businesses these days can avoid taking customer credit cards for the purchase of goods and services. Merchants are required to maintain a secure network, protect cardholder data, check for vulnerabilities, implement strong access control measures, monitor and test networks and maintain a security policy. PCI DSS standards continue to get tougher and all merchants are subject to fines and/or removal of transaction privileges.
- Employee Web usage and Web 2.0 threats present an invisible threat to data loss. These are dangers that did not even exist 10 years ago. Today “what you see” is not “what you get” when it comes to browsing Web sites. Threats include invisible malicious software infections and phishing attacks that steal your personal information. Invisible is the key word and only sophisticated security software can protect against them.
- Uncontrolled access to Web servers is a growing problem caused by the proliferation of Web server access to almost every piece of data in companies. Customer, partner and employee information must be easily accessible externally, but Web servers present many vulnerabilities in their operating systems, applications and login mechanisms.
- Risk of lost or stolen data on mobile devices such as laptops, smart phones/PDAs and the underlying wireless communications has been exhibited in many high-profile cases. Laptops are frequently lost or stolen, data has been stolen over insecure wireless communications, such as the massive customer credit card data breach at TJ Maxx, and the new generation of smart phones is slowly turning into handheld PCs along with all the data and communications risks of laptops.
- Remote access to workstations, servers and other internal data is a necessary requirement of businesses today with the proliferation of mobile and “at home” workers. But as with other data sources, access must be restricted to those who are authorized, and they must be allowed access only to necessary information.
- Mobile storage such as 8-16 GB thumb drives, 1 TB external disks, CDs and 50 GB DVDs gives every employee the ability to walk away with nearly all your key data. That exposes you to the risk of lost or stolen data. Modern security solutions provide the ability to control what portable storage devices can be used in your organization, whether they are encrypted, and what data can be stored on them and removed from your organization.
- Contractors, partners and other 3rd parties present another risk of uncontrolled access to your key data. While providing them access is frequently necessary, many solutions exist to control exactly what each group can access using “easy to use” Web browser interfaces.
- Intrusions by hackers are probably the one threat that everyone thought of while reading this topic. While not the main source of threats for most businesses, hackers continue to be a serious threat. Hackers now focus on specific businesses and look to gain financially. There is a long list of methods for breaking into company networks, including vulnerabilities in your firewall, Web servers, desktop operating systems and applications, as well as Web- and mail-based threats.
As long as data and people are mobile, there will be many ways for critical or private data to leak outside of your organization. While many solutions like firewalls and web security are part of “best practices security”, others like Data Loss Prevention (DLP) for mail or IM, and data encryption depend on your assets, IT infrastructure, people, processes, industry and compliance needs. For every threat and risk profile, there are solutions that will increase your security so that your management team can sleep at night. Companies now have the tools to mitigate risks and ensure that key data stays in control of the company and that the company name stays out of the security breach news.
Important guidelines to data loss prevention.
- Scalable (affordable) solutions are available to fit nearly every size of company
- Every company’s solutions will be different depending on how each business operates
- Deploy a multi-layer approach to data security along with appropriate security controls where the data is stored, in transit, or used. In the case of security, “belts and suspenders” is a good thing, and overlapping security solutions are necessary to reduce the risk from unexpected threats. Companywide DLP solutions include:
  - Mail, Web and content security at the internet gateway, server, and endpoint
  - Internet gateway application-level firewalls and wireless security
  - DLP mail and instant messaging software to prevent communications of important data
  - 2-Factor Authentication to ensure the identity of those accessing your data
  - Laptop and removable device encryption for safe transport and storage
  - Web surfing and Web server security
  - Internal processes and policies
- Get help from security experts.
SOURCE: Courtesy of Tom Ruffolo, CEO, eSecurityToGo.com, a USA-based provider of IT security products, services and compliance solutions for business. eSecurityToGo solutions help companies protect their intellectual property (IP), cope with security breaches, increase employee productivity and manage compliance issues. Solutions include best-in-class and value-based products, plus security expert consulting such as risk assessment, planning, and installation. Solutions vary based upon customer size, industry, and technical expertise. Formed in 2003, eSecurityToGo has a unique Online/Direct business model that offers its customers multiple ways to obtain its solutions. By combining the efficiency and cost benefits of the Web, with traditional on-site and phone based sales, consulting and support; customers get what they need, how, when, and where they need it. eSecurityToGo’s Website can be found at www.eSecurityToGo.com.