The compromise of sensitive customer information has repeatedly made the headlines over the past few years. Many times, the data, including customer information, intellectual property, financial data and personnel files, has simply walked right out the front door on a laptop or another mobile device.
And the perpetrators are not only hackers, but also employees. Accidental and malicious data loss can occur through common channels such as e-mail, instant messaging, CD burns, Web posting, USB drives and printing - potentially costing organisations millions.
Companies that suffer such a data loss risk serious consequences, including regulatory penalties, public disclosure, brand damage, customer distrust and financial losses. A recent study found that more than 75% of Fortune 1000 companies had fallen victim to accidental or malicious data leakage. In 2007, the average cost to companies resulting from data breaches was $6.3 million.
In one example in the UK, the Revenue and Customs Office lost computer disks containing confidential details of 15 million people receiving child welfare benefits from the government, illustrating the danger of putting sensitive information on an easy-to-lose format, and the result of internal policies not being backed up by good security practice.
In another incident, a memory stick, containing personal details of criminals in the UK and Ireland, was lost. The data, which included information on 84 000 prisoners in England and Wales, was not encrypted and therefore not protected from being accessed by anyone who found the device.
One of the challenges for businesses moving data around is the lack of security of mobile devices, most notably removable storage devices such as memory sticks. A paper from ENISA, published in June 2008, states that USB devices present considerable risk as they usually lack security controls and are rarely covered by corporate security policies. With such gadgets being widely used in business today, companies need to be able to protect and account for the data stored on them, as they can easily be lost or left behind.
The latest data loss blunder was a computer sold on eBay, which contained highly sensitive information on several banks` customers. Information discovered by the buyer, an IT manager, included names, addresses, mobile phone numbers, bank account numbers, sort codes, credit card numbers, mothers` maiden names and even signatures. A former employee of the archiving firm that holds information of some of Britain`s biggest financial organisations sold the computer without erasing the internal hard drive.
This again highlights the need for organisations to understand the ways that breaches can occur and to consider how they can negate this problem.
In the event of a memory stick or computer being stolen or lost, encryption would make contained data inaccessible. In today`s environment, with the ubiquity of the Internet and the rapidly growing number of mobile devices, protecting confidential customer information and intellectual property must become a top priority.
When implementing a data loss prevention solution it is key to develop, enforce and ensure compliance of a security policy as well as safeguard data at every stage. Data on portable storage formats or transferred over public connections should be encrypted and only accessed by trusted parties. Companies should further implement access control and monitoring tools in order to supervise and prevent installation and usage of unauthorised applications. Furthermore, employees need to be educated and trained in order to understand the role they play in securing data.
It is possible to gain complete visibility and control over the transfer of critical data with additional security measures such as McAfee Total Protection for Data, a complete, integrated solution that uses strong encryption, authentication and data loss prevention, which allow businesses to monitor real-time events and apply centrally managed policy-driven security controls to prevent unauthorised access and transfer of sensitive information as well as generate detailed forensics reports without affecting daily business activities. It also stops confidential data losses initiated by Trojans, worms, and file-sharing applications that hijack employee credentials without their knowledge.
If your business is still playing catch-up in terms of data protection and security, maybe it is time to address this issue instead of becoming the next data loss blunder.
For more information on data protection, visit http://www.mcafee.com/data_protection.
Share
McAfee
McAfee, headquartered in Santa Clara, California, is the world`s largest dedicated security technology company. McAfee is relentlessly committed to tackling the world`s toughest security challenges. The company delivers proactive and proven solutions and services that help secure systems and networks around the world, allowing users to safely connect to the Internet, browse and shop the Web more securely. Backed by an award-winning research team, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. http://www.mcafee.com
Editorial contacts