The insider threat

Ross Dyer

BANGALORE,INDIA: With the current economic downturn bringing additional pressure, staff will be more prone to giving in to the temptation of compromising data assets for their own personal gain. 

A recent Survey revealed that 93 per cent of security professionals believe companies are under more pressure to protect from data loss due to the current economic climate. The insider threat was highlighted as a key driver with 73 per cent attributing data loss to employees taking data with them when they leave the company.

DLP technology can be used to ensure employees comply with policy driven data security measures, assuring the protection of an organisations most confidential data assets.

Top Tips for Organisations

Websense recommends the following 4 steps for Data Loss Prevention:

Step 1: Determine how important DLP is by asking the What, Where and How questions. What regulations must you comply with? Do you know where all copies of your confidential data are stored? Do you know how that information is being used and shared inside and outside your organisation?  What would happen to your business, customers and reputation if a data breach occurred?

Step 2: Define what data is deemed sensitive. The definition of sensitive information can vary greatly across industries and organisations. It can include customer lists, company financial data, trade secrets, marketing plans, employees’ personal information and more. It’s critical that organisations review all functional areas including legal, finance, human resources, marketing and others to help identify sensitive information. 

Step 3: Determine where the primary point of data control should be: at the endpoint, the network or data discovery – or a combination.

The appeal of endpoint technologies is the ability to protect intellectual property from theft or unauthorised dissemination – such as preventing someone from downloading the customer list onto a USB drive and walking out the front door.

The value of network and discovery solutions lie in monitoring how information is used within the organisation so management can identify and correct faulty business processes, prevent accidental disclosures of sensitive data, and provide reports demonstrating compliance during audits.

A network-based approach is the most common starting point and often the easiest to integrate. Many choose to begin with just data discovery to understand where their sensitive data exists and determine their level of risk.     

Step 4: Select the right DLP solution. There are many analyst reports which identify viable vendors and understand product capabilities.  Look for the flexibility, detection accuracy, policy framework, and solution coverage offered by each vendor.

Responsibility

Who in the organisation should be responsible for setting the tone of data protection and cyber security? A recent Survey revealed that Security professionals unanimously believe that businesses exposing consumers’ confidential data through a serious data breach should be punished for security negligence.

Nearly a third (30 per cent) think that CEOs and board members should face imprisonment 62 per cent believe companies should be fined 68 per cent call for compensation for consumers affected The survey also revealed that little improvement has been made with regard to organisations’ approach to security with more than 50 per cent of respondents suggesting this is due to businesses not taking action as they are not legally required to do so.

Public trust and confidence

Public trust and confidence will have taken a severe knocking. The truth is - technology is available to prevent this from happening - and businesses need to step up to the mark and better understand the implications of a data breach – before it becomes an issue. By taking active steps like using a DLP solution to trace inbound as well as outbound data leaks, and having visibility of where important and valuable data sits, companies greatly reduce the risk of becoming a statistic.

Both Gartner and Forrester place Websense as the leader in the data security space. Data Leak Prevention is an effective business system which enables organisations to protect sensitive data and maintain a competitive advantage. If data is key, then protecting it is even more so.

(The author is manager,sales engineering, Websense, UK)