Preventing Data Leakage - Do you know where your data is?
"A computer containing the banking details of a million UK customers has been sold on eBay for £35. The machine was taken from a company which stores banks' financial records..."
"A contractor working for the Home Office has lost a memory stick containing the names and dates of birth of every prisoner in England and Wales. The data was not encrypted..."
"Details of 25 million child benefit recipients have been lost after two discs containing the data were sent from HM Revenue and Customs to the National Audit Office (NAO) but appeared not to arrive. The data included details of millions of bank accounts..."
"Data thieves breached the systems of credit card processor CardSystems Solutions and made off with data on as many as 40 million accounts affecting various credit card brands..."
Unfortunately, headlines like these are becoming more and more common. We continue to hear about companies that have suffered "data leakage" - a politically correct way of saying data loss or theft. We hear about external theft of credit card and personal information and worst of all we hear of companies that have lost critical information due to a computer error, natural disaster, systems or network failure, or just poor operational and security practices.
Do you know where your company data is stored? How it is stored or transported? Have any of your colleagues or staff ever had a laptop stolen or lost a USB stick? Are you confident that your business continuity policies and procedures are implemented correctly and are actually being followed? Can you afford for them not to be?
If any of these questions have made you sit up and think, then make sure you address your data leakage issues immediately. This is a specialist area that requires expert advice and assistance so do not assume that your current IT support supplier is the right place to start.
- Every company should have an information classification and handling policy in place
- All employees should be trained in the classification and handling of all forms of company information and data
- There should be an inventory of all critical or sensitive data that the company reviews, creates, maintains and stores. This inventory should be maintained and reviewed periodically to ensure that it is properly secured and protected
- A policy should be implemented that NO critical or sensitive data is to reside on any portable or movable device without the express permission of a senior manager responsible for that data
- All employees should be required to attend some type of company sponsored training in information security and business continuity, especially all new staff.
A data security specialist should be able to help you prevent data leakage and security breaches by:
- Safeguarding the confidentiality, integrity and availability of sensitive data
- Providing a detailed audit trail of all device and application execution attempts, by tracking data that is copied to and from removable devices and by controlling what data is allowed to be copied to a device at the file level
- Controlling and monitoring the flow of inbound and outbound data
- Identifying organizational security holes in the protection of sensitive information through comprehensive auditing capabilities
- Preventing spyware and keyloggers originating at an endpoint
- Protecting against network security breaches where confidential data could be exposed to fraud
When your tap leaks you call a plumber almost immediately to fix it. Please do the same for data leakage. Call in the proper experts to identify the sources for the leaks and fix them. WYSIWYG-IT can offer expert advice in all areas of data security.
 Printable version
|
