Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Ten tips for building effective protection against data loss.

InfoSecurity Europe : 04 April, 2008  (Technical Article)
Applied Security's Frank Schlottke provides ten pragmatic pieces of advice for creating a protective environment for preventing the loss of valuable data.
Losing company data, whether at the hands of a hacker or accidentally is highly embarrassing. And if that data contains sensitive information such as customers' personal details, legal action and media coverage can lead to financial loss and irreversible reputational damage. But it doesn't have to be that way. Here are ten rules that will dramatically reduce your risks:

1 Identify data that needs protecting.

Data classification is vital. For example, management data may include sales figures, strategies and contracts, while HR holds employee records including bank account details; and R&D stores crucial design information and intellectual property. Prioritise data from most to least important.

2 Know the threats.

Identify who has potential access to confidential information - from employees to partners and outsiders. And be aware that while firewalls can protect against hackers, a second line of defence is needed to be safe.

3 Don't be overconfident.

If you think you are untouchable, think again. With so many highly regarded organisations from Marks & Spencer to HMRC losing data, expect the unexpected and learn from others' mistakes.

4 Identify data channels and how to protect them.

Most sensitive data, like personnel records and strategy documents, originate from a PC or laptop and is stored on hard disks, file servers, USB drives or CDs. So, it is more efficient to protect the data itself using encryption, rather than the device or channel.

5 Define central policy management.

Grant access rights to data on a 'need-to-know' basis, ensuring that even IT administrators can only see files that they are authorised to see. Don't forget that access rights may need to be taken away or amended if an employee leaves or changes roles.

6 Consider the human factor.

Complicated security can lead to human error, increase workload and slow down processes. So, when choosing a vendor, make sure that each feature of a solution adds to security seamlessly, rather than increases complexity.

7 Be aware of your legal obligations.

There are a wide range of legislative and legal requirements regarding data protection. Failure to take preventative measures can lead to managers and company directors being found personally liable.

8 Remember recovery mechanisms.

If an important file is accidentally deleted it can usually be recovered. But if the key to an encrypted file is lost, so is access to the data. Your encryption solution should have intelligent recovery mechanisms, such as one time passwords to tools that can recover encrypted material, even if all keys are lost.

9 Prioritise risks.

The choice of security solution should be based upon perceived risks to the organisation from financial to reputational. Weeding out the 'nice to haves' from the 'must haves' means that it's easier to find the best fit solution.

10 Accept that data protection is worth the investment.

Data loss prevention is no easy feat, otherwise it would be inexpensive and security breeches would be rare. IT security is complex and requires specialist knowledge. Once this is accepted and the process is carried out properly, the benefits will far outweigh the investment.

Following these top ten tips will help your organisation to avoid common mistakes and you will avoid becoming front page news for all the wrong reasons.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo