Data Loss Prevention
Prevention of data loss should be a key part of any business's IT strategy. The consequences of data falling into the wrong hands can include breaches of confidentiality, non-compliance penalties, industrial espionage, financial losses (to your business, employees and customers) and compromised reputation.
The Risks
-
Theft or inadvertent loss of data on portable devices (such as USB-connected devices, laptops, phones and tablets).
-
Data being inappropriately emailed.
-
Data being uploaded to a website, ftp site or cloud-based storage.
-
Data being inappropriately printed.
-
Data being removed from the company on a CD or DVD.
Examples of data loss include illicit removal by departing salespeople taking customer databases with them, and corrupt employees selling data to criminals, competitors or saboteurs.
There are also countless cases of data having been inadvertently lost by employees leaving portable devices in public places.
Protect Your Data
There are a number of methods that you can use to protect your data:
-
Conduct a risk analysis by reviewing the information stored on the company network, who has access to it and the consequences of its loss.
-
Establish document classification in order to identify categories of confidentiality.
-
Control who has access to what data by setting access levels.
-
Establish and enforce clear policies about what employees can do with confidential or business-critical data. Educate the workforce.
-
Ban or restrict the use of portable devices.
-
Disable USB ports by either electronic or physical means.
-
Encrypt corporate data.
-
Consider purchasing a commercial Data Loss Prevention solution.