point
Menu
Magazines
Top-Myths-About-Data-Protection
Surendra Singh
Monday, March 31, 2008
McLaren Mercedes’ $100 million fine and exclusion from the Formula 1 constructors’ title exploded the issue of data leakage into the limelight of the world’s press last year. But it’s not just the glamorous world of motor sport that’s been affected. Almost daily we hear of another data breach incident in industries ranging from retail to finance to
government.

A survey conducted by Websense and The Nielsen Company, India in 2007, highlighted that 35 percent of employees feel worried about losing both personal as well as work-related information.

This article seeks to debunk some of the myths that exist around data protection. A key challenge for senior executives is to consider how to put best practices in place to address this matter without impeding daily business operations.

Myth #1
Data leak prevention is the IT manager’s problem
Securing companies from external threats such as viruses has long been in the IT department’s realm. Today, the challenge of protecting sensitive data spans all business units. It is commonly believed that the Board would hold ultimate responsibility should an information leak occur. Senior managers need to drive the implementation of the necessary technologies and compliance processes to protect confidential data from the top of the organisation.

Myth #2
I know where my company’s data resides
Most companies do not have a good handle on where their data lives, whether on file servers or company laptops. Understanding who has access to data and where it flows inside and outside of the network is crucial to managing information.

Myth #3
My employees understand what they can and can’t send out of the company
Most employees do not intentionally leak information and, given the right training and education combined with data leak prevention technology, the risk of a breach diminishes significantly. However, the majority of employees in India do not know their company’s policies. Employees often don’t understand why sending work home through Web mail is risky or why password protection is important. In an increasingly mobile work environment, employee training is even more essential.

Myth #4
I should be most concerned about protecting my data from data theft and malicious internal leaks
Malicious data leakage and theft is certainly important to address; however most leaks are unintentional. In fact, according to Forrester Research, more than 70 percent of all leaks are accidental. When developing an effective data leak prevention strategy, senior managers must focus on accidental data loss to address the majority of the everyday risk.

Myth #5
Data leak prevention technology will hinder my business operations
Contrary to what many senior managers think when they hear the words “data leak prevention,” the right solution can improve business processes. If you implement a solution that has the context of what the data is, who is sending it, and its intended destination, when a violation occurs, managers can be notified to remediate the incident within the business unit thus reducing administrative costs.

All senior managers involved with business risk should carefully consider their role within the company because data leakage is too significant an issue to be dealt with solely by the IT department. Now, with the potential damage to business and talk of government legislation increasingly at front of mind at Board-level, the importance of assessing the impacts of data loss across the business and coordinating all departments to mitigate against it is bigger than ever.

The author is Regional Director - SAARC, Websense.
Twitter
Share on LinkedIn
facebook

Previous Magazine Editions