BreachExchange mailing list archives

Data loss: five steps to protect your customers’ business


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 11 Feb 2016 19:14:11 -0700

http://www.channelpro.co.uk/opinion/9762/data-loss-five-steps-to-protect-your-customers-business

In a world where ideas, knowledge and information are the key drivers of
value, protecting valuable data has never been more critical. The loss or
theft of intellectual property can have a massive impact on the value and
competitiveness of any business, particularly those that trade on their
ideas and knowledge.

Organisations can no longer point to their data centre as the repository of
all their data. Data is everywhere and therefore harder to control. Should
an organisation’s confidential information be disclosed to their
competitors the impact could be significant and costly, risking lost sales,
lost customers, lower profit margins and damage to reputation.

Organisations also risk hefty fines and negative publicity should the
Information Commissioner’s Office (ICO) uncover a breach. Recent findings
published by the ICO showed that in the most recent quarter (Q1 2015/16)
there was a 22 percent increase in data breach incidents resulting from
loss or theft of unencrypted devices.

Furthermore, when the European General Data Protection Regulation (EU GDPR)
comes into force in the near future, the potential cost to businesses from
the loss or theft of valuable data will increase even further. The EU GDPR
will introduce severe penalties for compliance failures, with potential
fines of up to five percent of worldwide turnover.

Businesses are increasingly aware of the risks of IP theft but may not have
the in-house knowledge and expertise to implement effective security
measures to limit their risk exposure. This creates a significant
opportunity for the channel to bring their own insight and expertise to
customers, integrating themselves within their organisation and becoming a
true value added partner.

Here are five practical steps for your customer to consider when devising
processes to protect their business:

1.     Protect data

Implementing effective security measures begins with organisations
understanding what data they have, where it is stored and how it is shared.
More breaches occur from data being copied onto removable media and
devices, rather than lost or stolen laptops. Organisations should consider
protecting their data by ensuring that any data copied to a peripheral
device is fully encrypted.

2.     Don’t rely on single layers of security

Multiple layers of protection reduce vulnerability to malicious or
accidental breaches. For example, as well as requiring user authentication
via password, organisations could implement technology on their devices
that prevents the hard disk from being decrypted if removed from the device.

3.     Reduce complexity where possible

The more convoluted the security procedures for users, the greater the
likelihood of breaches as a result of their actions. Enabling single
sign-on to any device limits the impact on users and reduces risks.

4.     Security is key – but the business still needs to operate

If security policies and technologies prevent people doing their jobs,
they’ll inevitably find a way to bypass those controls. When implementing
technology solutions, organisations should check that they’re flexible
enough to meet the needs of their business and their users.

5.     Ensure effective management control

Having the right technology on endpoints is of limited value if the IT
department can’t easily manage that technology and don’t have visibility of
what users are doing on their devices. The IT department needs to ensure it
has the tools to monitor and report on which devices have been encrypted
and what data users are copying to removable media. If an organisation
can’t prove to regulators that they’ve taken all reasonable measures to
protect their data, they are more liable to receive a substantial penalty.

Through adopting an advisory role, the channel can elevate their position
from merely a supplier of hardware and software to playing an active
role in the strategic outlook of their customer’s organisation. By taking
this approach they are rewarded with a loyal customer and are recognised as
more than just another cost item on the CFO’s balance sheet.