
Prevent Data Loss within Company

 



In your company, is the client portfolio important? Rates? Reputation? Surely your answer was yes. Information is, without any doubt, one of the most important assets of our company, regardless of whether it is small, medium or large.

We can read many news items in the media about security incidents in which confidential information is stolen. This has very serious consequences, not only economic or legal ones, such as fines or penalties for non-compliance with data protection legislation, but also in terms of image: loss of reputation, loss of customers, etc. Building an image and a reputation requires a lot of effort and work, but losing all that work to these types of incidents is very easy and, worse, it is very difficult to rebuild.

Why does it happen?

These types of problems have always existed in companies but, with the use of new technologies and the processing and storage of large volumes of data, the impact of a leak is much greater. In addition, the increased use of mobile devices, both corporate and personal, to access company resources represents an added risk for the security of our information.

Information leakage can occur accidentally: loss of a laptop, sending information by mistake, etc. But it can also be a deliberately caused incident, for example by a dissatisfied employee who leaks information, or through other techniques, such as attacks carried out by cybercriminals through social engineering, which have led to the theft of information to damage the reputation of the company or for economic purposes.

How can we prevent these types of incidents?

To prevent this type of incident reliably, we must take into account the type and value of the information to be protected and the possible impact that its theft or loss may have on our business, since the consequences differ depending on the type of information and the type of organization. Therefore we must always:

1. Know the information that the organization manages. This should be done through interviews and meetings with the organization's staff.

2. Classify it according to its criticality, according to a reasonable and unified criterion.

3. Determine its degree of security: is the risk of loss of information high? And the risk of leakage or theft of information? Can it be altered without authorization?

4. Establish the necessary measures to improve its security.

 

To reduce the probability that this type of incident will occur, we can establish different types of measures, closely linked to the protection of the workplace, because in the end it is still the most important point where we manage this asset. Specifically, we can highlight three types of measures:

  • Technical. The security solutions market offers services and tools for companies of all types and sizes that allow information leaks to be detected and prevented. The basic measures that we can apply, regardless of the size of the company, are:
    • encryption of confidential corporate information,
    • installing, configuring and updating a firewall,
    • keeping all the applications on our systems updated, etc.

    For companies with greater economic resources, or with more demanding requirements for managing and protecting information, we can apply other, more advanced measures using:

    • data loss prevention or DLP (Data Loss Prevention) solutions, which are usually oriented to monitoring and control;
    • information lifecycle management or ILM (Information Lifecycle Management) solutions, which manage information from the moment it is generated or elaborated until its archiving or final destruction;
    • external storage device control tools, which are intended to control physical access to ports and removable devices such as USB to prevent information leaks.
  • Organizational. These types of measures are closely related to "the way" in which information is handled or treated. On the one hand, we will have to prevent bad practices such as sharing passwords, or sharing confidential information in work directories to which the entire company has access. These situations usually occur due to the user's lack of knowledge. For this reason, it is important to establish security policies, together with awareness-raising actions for all employees.
  • Legal. It is important that employees or suppliers who manage corporate information comply with security policies. For this we can sign service level agreements (SLAs) with suppliers and have users sign confidentiality agreements, in which we will regulate the aspects related to the security and confidentiality of the information in the provision of a service, including the sanctions in case of non-compliance. An important and mandatory point concerns the processing of files that contain personal data. By applying these measures, we will not only comply with the laws, but we will also show our commitment to the client in terms of managing the confidentiality of their information and, in the event of an intentional leak of information by someone from the company, have the legal support to carry out the appropriate measures.

Although it is always important to take extreme precautions to avoid any type of incident, these types of incidents are particularly significant because of their reputational impact. If you want to know more details about how to protect yourself or manage an incident of this type, we invite you to consult our guide "How to manage an information leak. An approach guide to the employer". Remember that data theft can have important consequences for your customers and for the image of the organization. Protect your information!

 
