How Safe is Your Data?
Protecting data from loss or from falling into the wrong hands
Protecting your data from loss or from falling into the wrong hands should be a key part of every company's IT strategy and day-to-day housekeeping.
The consequences of such losses can include breaches of confidentiality, non-compliance penalties, financial losses (to your business, employees and customers) and a compromised reputation.
The European Commission plans to unify data protection within the European Union (EU) with a single law, the General Data Protection Regulation (GDPR). With fines of up to 5% of global annual turnover proposed, the new regime will put data protection on a par with anti-trust and anti-bribery sanctions. 'Taking a view' on data protection compliance is likely to become prohibitively expensive. There is a great deal for organizations to do between now and 2017.
A survey conducted at a recent business expo revealed that many companies still don't have a relevant policy in place and have not carried out a risk assessment.
Risks:
- Theft, inadvertent loss or unauthorized replication of data on portable devices (such as laptops, tablets, smartphones and USB-connected devices).
- Data being inappropriately emailed.
- Data being inappropriately uploaded to a website, FTP site or cloud-based storage.
- Data being inappropriately printed.
- Data being removed from the company on a CD, DVD, USB or other memory device.
- Illicit removal and potential use, passing on or sale of data by departing or corrupt employees or those bearing a grudge.
Protecting data:
There are a number of methods that you can use to protect your data:
- Conduct a risk analysis by reviewing the information stored on the company network, in the cloud and on individual devices, who has access to it and the consequences of its loss.
- Establish document classification in order to identify categories of confidentiality.
- Control who has access to what data by setting access levels.
- Establish and enforce clear policies about what employees can do with confidential or business-critical data.
- Educate the workforce. Educate staff on diligence about data access authorization and email recipient and cc lists.
- Provide staff with an encrypted USB flash drive when working with or transporting confidential data off site.