Businesses across the globe have embraced the growing integration of network communications and business operations. Employees are encouraged to take full advantage of technology such as wireless devices and public hotspots for improving their efficiency. Though productivity is booming, network-based collaboration introduces corporate data into a broader environment that is more vulnerable and difficult to protect.
With virus attacks becoming a common occurrence in all consumer segments, data theft has emerged as a growing concern for enterprises across the globe. Moreover, enterprises in emerging countries such as China, India and Brazil - where IT adoption is at a nascent stage - are more prone to loss of company data and other sensitive information due to flouting of company rules by employees.
Data stored on the corporate network is at risk since it is more accessible than ever due to easy access to company databases for information sharing; storage and compression technology have allowed for powerful (and risk-laden) end-points. The increasing usage of portable data storage devices such as mobiles and pen drives make it easier for employees, partners, or data thieves to access, move, or lose intellectual property or customer data.
In the past two years, more than 250 million confidential records were reported lost or stolen across the globe. These losses arise largely due to internal activities. Whether intentionally or otherwise, innocently or maliciously, employees reportedly engage in behaviour that heightens the risk of data loss. To reduce data leakage and protect corporate information, organisations need to understand how employee behaviour increases risk and take steps to foster a security-conscious corporate culture in which employees adhere to policies and procedures.
Major factors contributing to data leakage:
* Unprotected devices
* Logged on computers when users are away from seats may result in potential theft of company data
* Approximately 20 percent of employees across the globe store their system log-in and passwords on their computers which could lead to breach of security
* Use of unauthorised programs which results in majority of data loss incidents
* Sharing of work devices with others without supervision
* Access to unauthorised parts of a company's network or facility
* Transfer of files between work and personal computers when working from home
A recent survey conducted by InsightExpress, a US-based market research firm and commissioned by Cisco reveals that the blurring of the line between work life and personal life is one of the prime factors behind the loss of company information, either knowingly or due to ignorance. To reduce data leakage, businesses must keep upgrading security networks and consistently evaluate the risks of every interaction with networks, devices, applications, data, and of course, other users.
Consequences
In addition to having more data at risk, businesses today suffer greater consequences if that data is lost or compromised. The loss of intellectual property, such as proprietary product blueprints, financial data, and merger and acquisition plans, can damage a company's reputation, undermine its brand, or jeopardise its competitive edge. Breaches of regulatory requirements for handling sensitive customer data can reduce customer confidence and lead to fines.
Prevent Data Leakages
Threats to data security are continuing to evolve mainly through the Internet, which is a vital component of today's business infrastructure. In this perilous environment, employees around the world are leaking data despite the best efforts of IT professionals to stem the flow.
There is no full-proof solution to secure corporate data, especially as businesses and their data become increasingly mobile and operate within virtual instead of physical boundaries. Many businesses put too much faith in technology alone. However, the best security technology in the world will not produce a good return on investment without the foundation of security processes, policies, and education. Instead, businesses should start by evaluating employee behaviour and the associated risks based on factors such as the locale and the threat landscape.
* Establish tools and processes that track the data's movement to know where it is stored, how it is accessed, and who is using it,
* Identify the types of data that require a unique protection regime within and beyond the company's walls.
* Protect systems by using only authorised application and access methods, maintaining security software such as antivirus applications, respecting and maintaining security settings.
* Protect portable devices by keeping them locked up at all times, not sharing work devices or using them for personal activities, not forwarding confidential information from work systems to personal devices, and not accessing inappropriate sites or downloading inappropriate information,
* Prevent data theft while travelling by speaking softly, using privacy filters to prevent over-the-shoulder viewing and using a virtual private network (VPN),
* Conduct daily business activities according to the company's code of business conduct - particularly pertaining to information security,
* Learn how to handle the different levels of confidentiality for the company's documentation by understanding the differences between public, confidential, highly confidential, and restricted documentation,
* Foster a culture and environment of openness and trust, employees must feel comfortable with the corporate security landscape in order to implement security directives,
* Educate and train employees about company expectations for protecting data.
Preventing data leakage is a business-wide challenge. The more people at every level in the organisation understand the seriousness of the matter, the more successful a company will be in protecting its critical assets. With sufficient desire and proper investments, businesses can avoid security breaches.
With virus attacks becoming a common occurrence in all consumer segments, data theft has emerged as a growing concern for enterprises across the globe. Moreover, enterprises in emerging countries such as China, India and Brazil - where IT adoption is at a nascent stage - are more prone to loss of company data and other sensitive information due to flouting of company rules by employees.
Data stored on the corporate network is at risk since it is more accessible than ever due to easy access to company databases for information sharing; storage and compression technology have allowed for powerful (and risk-laden) end-points. The increasing usage of portable data storage devices such as mobiles and pen drives make it easier for employees, partners, or data thieves to access, move, or lose intellectual property or customer data.
In the past two years, more than 250 million confidential records were reported lost or stolen across the globe. These losses arise largely due to internal activities. Whether intentionally or otherwise, innocently or maliciously, employees reportedly engage in behaviour that heightens the risk of data loss. To reduce data leakage and protect corporate information, organisations need to understand how employee behaviour increases risk and take steps to foster a security-conscious corporate culture in which employees adhere to policies and procedures.
Major factors contributing to data leakage:
* Unprotected devices
* Logged on computers when users are away from seats may result in potential theft of company data
* Approximately 20 percent of employees across the globe store their system log-in and passwords on their computers which could lead to breach of security
* Use of unauthorised programs which results in majority of data loss incidents
* Sharing of work devices with others without supervision
* Access to unauthorised parts of a company's network or facility
* Transfer of files between work and personal computers when working from home
A recent survey conducted by InsightExpress, a US-based market research firm and commissioned by Cisco reveals that the blurring of the line between work life and personal life is one of the prime factors behind the loss of company information, either knowingly or due to ignorance. To reduce data leakage, businesses must keep upgrading security networks and consistently evaluate the risks of every interaction with networks, devices, applications, data, and of course, other users.
Consequences
In addition to having more data at risk, businesses today suffer greater consequences if that data is lost or compromised. The loss of intellectual property, such as proprietary product blueprints, financial data, and merger and acquisition plans, can damage a company's reputation, undermine its brand, or jeopardise its competitive edge. Breaches of regulatory requirements for handling sensitive customer data can reduce customer confidence and lead to fines.
Prevent Data Leakages
Threats to data security are continuing to evolve mainly through the Internet, which is a vital component of today's business infrastructure. In this perilous environment, employees around the world are leaking data despite the best efforts of IT professionals to stem the flow.
There is no full-proof solution to secure corporate data, especially as businesses and their data become increasingly mobile and operate within virtual instead of physical boundaries. Many businesses put too much faith in technology alone. However, the best security technology in the world will not produce a good return on investment without the foundation of security processes, policies, and education. Instead, businesses should start by evaluating employee behaviour and the associated risks based on factors such as the locale and the threat landscape.
* Establish tools and processes that track the data's movement to know where it is stored, how it is accessed, and who is using it,
* Identify the types of data that require a unique protection regime within and beyond the company's walls.
* Protect systems by using only authorised application and access methods, maintaining security software such as antivirus applications, respecting and maintaining security settings.
* Protect portable devices by keeping them locked up at all times, not sharing work devices or using them for personal activities, not forwarding confidential information from work systems to personal devices, and not accessing inappropriate sites or downloading inappropriate information,
* Prevent data theft while travelling by speaking softly, using privacy filters to prevent over-the-shoulder viewing and using a virtual private network (VPN),
* Conduct daily business activities according to the company's code of business conduct - particularly pertaining to information security,
* Learn how to handle the different levels of confidentiality for the company's documentation by understanding the differences between public, confidential, highly confidential, and restricted documentation,
* Foster a culture and environment of openness and trust, employees must feel comfortable with the corporate security landscape in order to implement security directives,
* Educate and train employees about company expectations for protecting data.
Preventing data leakage is a business-wide challenge. The more people at every level in the organisation understand the seriousness of the matter, the more successful a company will be in protecting its critical assets. With sufficient desire and proper investments, businesses can avoid security breaches.
No comments:
Post a Comment