Corporate Security 2011 – Data Leakage Increased 33% in 2010. 3 Tips to Prevent Data Loss.
Each record lost, according to the Ponemon Institute, costs, on average, $204 to recover. Lose 1000 records (considered a very small breach), and you are suddenly out $204,000! According to the same study, the average cost for a business to recover from a data breach is $6.75 Million. The average cost to implement identity theft, social engineering and data breach training? In most cases, less than $50,000.
The causes are generally simple: perhaps your corporate data security software and firewalls need updating; employees haven’t been properly trained to destroy sensitive documents they no longer need; executives are surfing on unprotected wireless in airports and hotels; sales teams are gearing up social networking strategies that accidentally release confidential or proprietary information. Whatever the cause, companies and business owners must step up in 2011.
Here are 3 tips to prevent data loss.
1. Aggressive Education. One of the costliest data security mistakes I see companies make is attempting to train employees from the perspective of the company. This ignores a crucial reality: All privacy is personal. In other words, no one in your organization will care about data security until they understand what it has to do with them. Strategy: Give your people the tools to protect themselves personally from identity theft. In addition to showing them that you care (a good employee retention strategy), you are developing a privacy language that can be applied to business. Once they understand opting out, encryption and identity monitoring from a personal standpoint, it’s a short leap to apply that to your customer databases and intellectual property.
2. Start with the Humans. The root cause of most data loss is not technology; it’s a human being who makes a costly miscalculation out of fear, obligation, confusion, greed or sense of urgency. Social engineering is the craft of extracting information out of you or your staff by pushing buttons that elicit automatic responses. Strategy: Immunize your workforce against social engineering and poor decision-making. Fraud training teaches your people how to handle requests for login credentials, passwords, employee and customer data, unauthorized building access and an office full of information whose disappearance will land you on the front page of the newspaper. The latest frontiers that thieves are exploiting are your employees’ social networks, especially Facebook (check our Facebook page about DLP and corporate data security) and LinkedIn. It is imperative that you have a well-thought-out, clearly communicated social networking policy that minimizes the risks of data leakage, reputation damage and trust manipulation.
3. Security Audit. Once you have accounted for human weakness and error (above), focus on the technological sources of data theft: the weakly encrypted wireless router in your home or office, the unprotected wireless connection you use to access the Internet in an airport, hotel or café, poor passwords, lack of user-level access, failure to properly implement a firewall, security software or encryption, stolen laptops, smart phones and thumb drives. Strategy: Hire an outside firm to audit your security. Your internal staff will NEVER tell you what they are failing to protect out of ignorance or lack of budget. So the best solution is to use Data Loss Prevention software that analyzes all staff contacts and actions during work-time.