Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Data Loss Prevention Best Practices

Kingston Digital : 05 October, 2011  (Technical Article)
In light of latest NHS data loss incident, Kingston Digital provides commentary and advice on best practices for the prevention of data loss
Data Loss Prevention Best Practices
“Data loss via USB Flash drives are a big problem in the corporate world.  A recent study by the Ponemon Institute and commissioned by Kingston found nearly 50 percent of organizations lost drives containing sensitive or confidential information in the past two years.  It’s astounding that 67 percent of those companies confirmed they had multiple loss events and in some cases, over 10 separate events.”

“USBs are so commonplace in organizations that it’s far too easy for rogue Flash drives to enter the workplace and create opportunties for inbound infection or outbound data loss.  In fact, in a recent study that Kingston released with the Ponemon Institute, 72 percent of employees use free drives collected at conferences, tradeshows or business meetings, despite working in companies that offer ‘approved’ USB options.”

“The size of data breach incidents is likely the largest contributing factor to many organizations turning a blind eye toward using secure USB Flash drives.  In a recent USB security study we released with the Ponemon Institute, 42 percent of companies report having more than 50,000 USB drives in use in their organizations, with nearly 20 percent having more than 100,000 drives in circulation.”
 
“At the end of the day, human error more so than malicious intent is the most often cause of missing USB Flash drives.  It doesn’t matter though from a regulatory perspective how a drive goes missing and data gets ‘in the wild.’  Organizations need to acknowledge the likelihood of loss and attach real consequences if employees do not report lost drives.  According to the Ponemon Institute, on average 74 percent of missing USB drives were attributed to negligence and 65 percent of respondents believed employees in the organizations would not report a lost USB drive to authorities.”

Best Practice Recommendations

“Users would rather ask forgiveness than permission.  So if there are no clear policies communicated around USB usage, an organization cannot expect uniform behavior in their use.  A Ponemon Institute study found that only 29 percent of organizations feel they have ‘adequate’ policies to prevent USB misuse.  There are many companies that have a policy at some level but too many of these very same organizations don’t even enforce it.  It’s clear that setting policy is only the first step, but it’s an incredibly important one.”

“Many organizations fear that any attempt to control a device like a USB is likely to be ineffective and costly, both in terms of budget and loss of productivity.  However, a simple analysis of what an organization needs and understanding that there’s a range of easy-to-use, cost-effective, secure USB Flash drive solutions can go a long way toward enabling organizations and their employees to get a handle on the issue.  There is simply too much at stake with company information on unsecured USBs and the chance drives could go missing.”

“While it’s easy for some to condemn USBs as an unnecessary risk, the portability and focused use are also the greatest asset from a security perspective.  With the right technology and policies in place, USBs can be a key part of a data security strategy.”

“Banning any technology outright in the workplace has proven itself to be a bad strategy.  Employees often find workarounds.  With that in mind, the four key elements of a safe and secure USB strategy are:

1) Confidence – Understanding the options available that balance corporate needs for cost, security and productivity.  There are a great many more flexible options than most organizations realize.  You can find the right security for the right price.

2) Communication – Educating users sufficiently on the risks, and then setting clear policies for what USB technologies and uses are acceptable, AND what USB technologies and uses ARE NOT acceptable – and if necessary, real repercussions for not following policy

3) Control – Using technologies specific to USB platforms along with elements of other security controls (encryption, asset tracking, auditing, remote “kill” capabilities, etc.)  to ensure policies are enforceable and to provide additional layers of protection when unforeseen events occur

4) Cooperation – Continuously supporting employees with education and assistance to keep both corporate security and end user experience in line. 
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo