Data Loss Prevention
To best prevent data loss, it is important to first know how data breaches are most likely to occur. “When it comes to data loss prevention, we often hear about stolen laptop computers and malware downloaded via USB drives, but what we tend not to hear as much about are the instances where organizations overlook the potential of data loss through the use of Web 2.0 tools, such as instant messaging,” “It’s important to keep data security in mind when it comes to instant messaging and other unified communications channels, because IM can act like an open door if left unchecked—it’s imperative that enterprises have tools in place to scan and filter file transfers over IM sessions to protect that data.”

Companies also suffer data loss primarily through ineffective enforcement of company policies. These range from ambiguous rules regarding social networking to the transport of critical data on USB drives to passwords being kept on a computer desktop in a text file. “While companies often have strict policies regarding the legitimate handling of data, it is often the inadvertent release of sensitive information that can lead to the most serious damage. Data can flow out of a company through an individual, but more often it flows out through that individual’s computer,” “If a company takes each individual computer and implements the same privacy control measures that they would deploy on their personal computers at home, a great deal of unnecessary loss would be prevented. Just as individuals don’t want their Web habits tracked and analyzed by advertising companies, companies should make all efforts to prevent similar behavioral tracking and information exchange from occurring with their employees, especially on company-owned computers.”

As companies become increasingly mobile and users carry company data on portable storage devices (such as USB drives, smartphones and laptops), they increase their risk of data loss.
Data loss can have a minor or major impact on the business. For example, a user might drop a smartphone in a puddle on their way into work. If the phone, which held email correspondence with clients, is rendered useless and the data unrecoverable, then the company suffers a data loss. Luckily that data didn’t get into the wrong hands, and the damage is minimal. But consider a laptop with hundreds of customers’ credit card numbers left on the subway. All those customers are subject to identity theft if the laptop is picked up by an individual with malicious intent, and the company is liable.

Data loss isn’t limited to mobile computing devices. Emails containing confidential corporate information can be sent to the wrong recipients. Instant messages can be intercepted by attackers. Weak access controls can allow the wrong users to access sensitive network resources.

The methods by which a company can suffer a data loss are numerous and, unfortunately, so are the effects. Data loss can result in negative publicity, damage to the company’s reputation, loss of customers and profits, decreased stock value and even heavy regulatory fines. In an effort to protect citizens against identity theft, regulatory agencies passed laws requiring companies to protect sensitive information against data loss. These regulations often require the use of encryption, which renders data unreadable to anyone without the decryption key and so prevents unauthorized access to it. If a company that is subject to regulatory compliance experiences a data loss without the proper controls, as required by the regulation, the company can be subject to fines and penalties.

Article source: http://www.processor.com/editorial/article.asp?article=articles%2Fp3301%2F36p01x%2F36p01.asp

Article source: http://www.sophos.com/en-us/security-news-trends/security-hubs/data-loss-and-regulations/data-loss-and-regulations-article.aspx