/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsRoss Dyer
BANGALORE,INDIA: With the current economic downturn bringing additional pressure, staff will be more prone to giving in to the temptation of compromising data assets for their own personal gain.
A recent survey revealed that 93 per cent of security professionals believe companies are under more pressure to protect from data loss due to the current economic climate. The insider threat was highlighted as a key driver with 73 per cent attributing data loss to employees taking data with them when they leave the company.
Top Tips for Organisations
Websense recommends the following 4 steps for Data Loss Prevention:
Step 1: Determine how important DLP is by asking the What, Where and How questions. What regulations must you comply with? Do you know where all copies of your confidential data are stored? Do you know how that information is being used and shared inside and outside your organisation? What would happen to your business, customers and reputation if a data breach occurred?
Step 2: Define what data is deemed sensitive. The definition of sensitive information can vary greatly across industries and organisations. It can include customer lists, company financial data, trade secrets, marketing plans, employees’ personal information and more. It’s critical that organisations review all functional areas including legal, finance, human resources, marketing and others to help identify sensitive information.
Step 3: Determine where the primary point of data control should be: at the endpoint, the network or data discovery — or a combination. The appeal of endpoint technologies is the ability to protect intellectual property from theft or unauthorised dissemination — such as preventing someone from downloading the customer list onto a USB drive and walking out the front door.
The value of network and discovery solutions lie in monitoring how information is used within the organisation so management can identify and correct faulty business processes, prevent accidental disclosures of sensitive data, and provide reports demonstrating compliance during audits.
A network-based approach is the most common starting point and often the easiest to integrate. Many choose to begin with just data discovery to understand where their sensitive data exists and determine their level of risk.
Step 4: Select the right DLP solution. There are many analyst reports which identify viable vendors and understand product capabilities. Look for the flexibility, detection accuracy, policy framework, and solution coverage offered by each vendor.
(The author is manager,sales engineering, Websense, UK)