BreachExchange mailing list archives
Data loss: five steps to protect your customers’ business
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 11 Feb 2016 19:14:11 -0700
http://www.channelpro.co.uk/opinion/9762/data-loss-five-steps-to-protect-your-customers-business

In a world where ideas, knowledge and information are the key drivers of value, protecting valuable data has never been more critical. The loss or theft of intellectual property can have a massive impact on the value and competitiveness of any business, particularly those that trade on their ideas and knowledge.

Organisations can no longer point to their data centre as the repository of all their data. Data is everywhere and therefore harder to control. Should an organisation’s confidential information be disclosed to their competitors the impact could be significant and costly, risking lost sales, lost customers, lower profit margins and damage to reputation.

Organisations also risk hefty fines and negative publicity should the Information Commissioner’s Office (ICO) uncover a breach. Recent findings published by the ICO showed that in the most recent quarter (Q1 2015/16) there was a 22 percent increase in data breach incidents resulting from loss or theft of unencrypted devices.

Furthermore, when the European General Data Protection Regulation (EU GDPR) comes into force in the near future, the potential cost to businesses from the loss or theft of valuable data will increase even further. The EU GDPR will introduce severe penalties for compliance failures, with potential fines of up to five percent of worldwide turnover.

Businesses are increasingly aware of the risks of IP theft but may not have the in-house knowledge and expertise to implement effective security measures to limit their risk exposure. This creates a significant opportunity for the channel to bring their own insight and expertise to customers, integrating themselves within their organisation and becoming a true value added partner.

Here are five practical steps for your customer to consider when devising processes to protect their business:

1. Protect data

Implementing effective security measures begins with organisations understanding what data they have, where it is stored and how it is shared. More breaches occur from data being copied onto removable media and devices, rather than lost or stolen laptops. Organisations should consider protecting their data by ensuring that any data copied to a peripheral device is fully encrypted.

2. Don’t rely on single layers of security

Multiple layers of protection reduce vulnerability to malicious or accidental breaches. For example, as well as requiring user authentication via password, organisations could implement technology on their devices that prevents the hard disk being unencrypted if removed from the device.

3. Reduce complexity where possible

The more convoluted the security procedures for users, the greater the likelihood of breaches as a result of their actions. Enabling single sign-on to any device limits the impact on users and reduces risks.

4. Security is key – but the business still needs to operate

If security policies and technologies prevent people doing their jobs, they’ll inevitably find a way to bypass those controls. When implementing technology solutions, organisations should check that they’re flexible enough to meet the needs of their business and their users.

5. Ensure effective management control

Having the right technology on endpoints is of limited value if the IT department can’t easily manage that technology and don’t have visibility of what users are doing on their devices. The IT department needs to ensure it has the tools to monitor and report on which devices have been encrypted and what data users are copying to removable media. If an organisation can’t prove to regulators that they’ve taken all reasonable measures to protect their data, they are more liable to receive a substantial penalty.

Through adopting an advisory role, the channel can elevate their position from merely a supplier of hardware and software to contributing an active role in the strategic outlook of their customer’s organisation. By taking this approach they are rewarded with a loyal customer and are recognised as more than just another cost item on the CFO’s balance sheet.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com