Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Preventing loss of corporate data.

Beyond Analysis : 21 January, 2008  (Technical Article)
After the latest Government laptop theft, Beyond Analysis offers five tips for safeguarding the company laptop whilst in your safe-keeping.
The news has been filled with data loss stories over the past few months. But rather than berating politicians and government agencies, we should be looking at our own data-protecting habits - or lack thereof. When it comes to data, prevention is better than cure, says Andrew Jordan, COO of Beyond Analysis.

As you read this, do you know precisely where your wallet or handbag is? Of course you do. What about your house keys? Sure. But can you safely say that all your personal data is secure? That brings up a whole different set of issues.

Whether we like it or not, we all now live in a world rich in data. We literally can't leave our homes without creating data on a computer system somewhere: from CCTV cameras, to credit card machines, to tube or subway passes, we are surrounded by machinery that captures our every move. Such statements are rich pickings for the Civil Libertarians, but there is a far more serious issue at stake here.

The news is filling up with stories about people losing other people's data. Various organs of the British Government have been guilty of it for quite some time. At the time of writing, Defence Secretary Des Browne was set to make a statement to MPs on the theft of a military laptop containing the details of 600,000 people. And just over a year ago, the Nationwide bank in the UK received a $2m fine from the regulator for losing a laptop. But why is this happening?

It comes down to some very simple and common sense principles. You hold a credit card in your hand and you can visibly see that it is an important item with intrinsic or implied value. But hold a CD-ROM in your hand and that immediacy is lost. You can't see the value. And therein lies the problem. That CD-ROM doesn't even need to contain data as sensitive as credit card details. Something as simple as a list of sales prospects would be of considerable interest to a competitor, or a list of internal phone numbers or email addresses would be of value to the press, headhunters or spammers. And because it is stored in electronic format, it's devastatingly easy to duplicate and transmit.

We lay the blame on these mishaps squarely at the door of the Government bodies or companies who handle the data. But instead, we should be educating the general population about data and what it means to us. We see TV ads for credit cards that indemnify you against identity fraud so you feel safe in the knowledge that someone can't use your details in criminal activity. But for many of us, we go to work the next day and forget that our jobs may involve data that is just as important, albeit it may not relate to us personally. And it is this disconnection that creates the problems.

So, here are five practical steps to help raise awareness of these issues and hopefully avoid another data "mishap":

1 Think about what data you have access to and how important it is. Many companies classify their data to provide guidance in this area. If something says "Highly Confidential", chances are you're not supposed to leave it lying on your desk when you go home at night. But use common sense in this area too, even if there is no formal classification of data. As described above, even something as benign as a phone list is of value to someone.

2 Treat your laptop as if it was your own. You wouldn't leave your wallet on the back seat of your car, so don't do the same with your laptop. You are almost certainly unaware of the extent to which you've got local copies of sensitive data on there.

3 Treat corporate data as if it was your own. You wouldn't email your online banking details to a broad distribution list, so why would you do it with confidential data? Chances are it relates to someone, even if it isn't you.

4 Think before you leave the office. Employees increase the risk of mishaps simply by working on laptops. All too often data is pulled off a network and "localised" to be worked on, yet rarely are the updated files uploaded again and the local copy deleted. It's safer on the network and you have the added bonus of it being backed up.

5 Be aware, and raise awareness in others. As described above, no amount of policy and rule-making in the workplace can prevent problems occurring. The only guaranteed way of preventing data being mislaid or misappropriated is to be aware of data in the first place and then applying a healthy dose of common sense.

Prevention is certainly better than cure when it comes to data. However complex and automated computer systems become they will inevitably involve human interaction at some point. Provided people become more aware of data, and treat other people's data as carefully as they would their own, problems like those faced by the Nationwide and the British Government can easily be prevented.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo