Data Loss Prevention

Preventing your data from loss or falling into the wrong hands should be a key part of your IT strategy … and day-to-day housekeeping. The consequences of such events can include breaches of confidentiality, non-compliance penalties, espionage, financial losses (to your business, employees and customers) and compromised reputation.

The risks

  • Theft, inadvertent loss or unauthorised replication of data on portable devices (such as laptops, tablets, smartphones and USB-connected devices).
  • Data being inappropriately emailed.
  • Data being inappropriately uploaded to a website, ftp site or cloud-based storage.
  • Data being inappropriately printed.
  • Data being removed from the company on a CD or DVD.
  • Illicit removal and potential use, passing on or sale of data by departing or corrupt employees or those bearing a grudge.

Protect your data

There are a number of methods that you can use to protect your data:

  • Conduct a risk analysis by reviewing the information stored on the company network, in the cloud and on individual devices, who has access to it and the consequences of its loss.
  • Establish document classification in order to identify categories of confidentiality.
  • Control who has access to what data by setting access levels.
  • Establish and enforce clear policies about what employees can do with confidential or business-critical data. Educate the workforce.
  • Educate staff on diligence about data access authorisation and email recipient and cc lists.
  • Ban or restrict the use of portable devices.
  • Disable USB ports by either electronic or physical means.
  • Establish a clear BYoD (Bring Your Own Device) policy.
  • Encrypt corporate data.
  • Consider purchasing a commercial Data Loss Prevention solution.

 

See Also...

Jargon Buster

A Glossary of terms used in this article:

USB

Universal Serial Bus: a means of physically connecting computers and peripherals such as external storage, keyboards and MP3 players.