Advert

Data leakage in your business

Is your company’s e-mail system putting your sensitive information at risk, asks Curt Gauci, owner and managing director at Kinetix IT Solutions.

The threat of attack from outside a company is real, and warrants significant concern and action from IT professionals. But massive data loss also results from internal activities. The insider threat is either characterised as an employee performing malicious behaviour, an innocent employee who makes a mistake, or it could even be a third party supplier with direct access to the company’s systems.

Examples of threats abound, from an employee mistakenly attaching a sensitive file and sending it out via their work e-mail system to an accidental or intentional data leakage by a contractor or third party who is using the organisation’s e-mail systems and has access to corporate data.

According to the 2017 Ponemon Cost of Data Breach study, the global average cost of a data breach is $3.62 million. This reality also applies to the EU, where 35 per cent of employees across the UK, France, Germany and Italy admit to have been involved in a security breach, presenting regional CISOs with a significant challenge when it comes to protecting company data, particularly in light of the forthcoming European GDPR which will come into effect later on this year.

With the upcoming deadline for the EU General Data Protection Regulation in the first quarter of 2018, the consequences of a data breach are much more serious now than they ever were before. Businesses of all sizes are realising that compliance with the EU GDPR and the Data Protection Act has never been more important than the present.

If you want to be certain your business is going to comply and avoid the potentially hefty financial penalties that failing to comply with this new regulation is going to bring with it, the time to start preparing is now.

Aside from GDPR compliance, implementing data protection measures is essential to any business because the loss of intellectual property, for example, such as proprietary product blueprints, financial data, and merger and acquisition plans can damage a company’s reputation, undermine its brand, or jeopardise its competitive edge.

In addition, breaches of regulatory requirements for handling sensitive customer data such as the Payment Card Industry Data Security Standard, can not only reduce customer confidence but also lead to crippling fines and even force a company to close.

Examples of critical and confidential information which are essential to protect include intellectual property, corporate data and customer data.

Find a balance which promotes productivity, collaboration and mobility while keeping data secure at all times

Although proper and consistent training and awareness of employees is key to protect against such insider threats, there are still several internal IT measures which may be adopted to provide more dependable protection and avoid the reputational costs and hefty fines associated with data leakage.

With data loss prevention, it is also very important for an organisation to find a balance which promotes productivity, collaboration and mobility while keeping data secure at all times. This is where the idea of data centric versus system centric protection comes in. Since we cannot block users from sending e-mails outside of the company as this will prove to be a deterrent to the business operations, a company would need to implement data centric measures for data protection. That is, they would apply protection and blocks which are triggered only when sensitive or personal data is being sent out.

Many organisations are trying to figure out how to protect their data and get compliant as well as asking about the investment required. While many see the cloud as having a bad reputation, paradoxically, the use of cloud services can actually aid compliance and reduce the burden on your business.

Microsoft’s Office 365 solution is a perfect fit for many businesses and may actually help your organisation meet your data protection and compliance requirements.

A key part in the protection of data is understanding what data you hold and where it resides. Upon discovery and classification, protection is fundamental to keep your data secure and meet compliance.

Office 365 can assist with that process through some of its key features. These include data loss prevention, which is a built-in feature. This allows you to configure actions that trigger when sensitive or personal information is detected, helping to block deliberate and accidental disclosure. DLP can recognise 80 common sensitive data-types covering financial services, healthcare and personal identifiable information.

Another feature is advanced data governance, which uses machine learning and similar technologies to help your business discover, find, classify and configure policies on data, throughout the whole data life cycle.

Audit logs provide comprehensive logging and reporting about what activity your users are undertaking, allowing you to detect and investigate security and compliance issues.

If your business wants to protect data or has regulation obligations or needs to meet a range of other compliance standards and you are wondering how to gain compliance, Office 365 should be a consideration. Not only is Office 365 an excellent enterprise solution, but it can also solve many data protection and compliance headaches IT departments are facing.

Comments not loading? We recommend using Google Chrome or Mozilla Firefox with javascript turned on.
Comments powered by Disqus  
Advert
Advert