Cyber attacks have become more sophisticated and more frequent. Data loss is a growing concern that is only going to get worse for every business in every industry. With the growing dependence on computers and access to the internet, this problem is going to continue to get worse at an increasing rate. The number of companies that have reported data breaches has been growing. With the increased ease of access through remote, mobile and other access methods, the potential for a breach has grown. There is a security cost for ease of access, and no company is immune. Preventing this loss of data has become an increasingly complex issue.
Data loss is expensive, costing organizations an estimated average of $200 per record breached, or an average of $6.8 million per total breach, according to a recent Ponemon Institute survey. But that’s just the monetary loss an organization experiences. The true cost is harder to measure when adding factors such as lost competitive advantage, loss of revenue, litigation and damage to company reputation.
To minimize the threat of data loss, the first step is to acknowledge that the threat is real. Only once you acknowledge that the threat is real will you be able to build a comprehensive plan to minimize the threat of data loss. A prevention plan would be the best case, but in reality you cannot prevent data loss; you can only minimize the threat of data loss as much as possible.
Once you have acknowledged that the threat of data loss is real, the second step is to define the data that you want to protect. This may seem like a very difficult task, but once you understand what data you want to protect, things become much easier to handle. It is important to understand the difference between confidential information and confidential documents. Confidential information would be names, Social Security numbers, driver's license numbers, etc. Confidential documents would be the documents that hold the confidential information.
It is generally pretty easy to define what confidential data is. At a minimum, every organization should protect the simple data points that allow for fraudulent monetization of data: first and last name, address, Social Security number, credit card number, driver’s license number, banking information, etc., as well as data protected by regulations.
You must also protect your business-critical data. Business-critical data would be any type of data that is related to the actual running of your business. To determine what business-critical means to your business, there are several things that you should look at.
- Would loss of this information negatively affect your revenue and profitability?
- Would the data loss lead to your company's leadership needing to be informed of it?
- Would action need to be taken after the leadership has been informed of the data loss?
By applying these three questions to all the data in your business, you will be able to focus on the data that is truly critical to running your business.
Once this definition is established, you will be able to measure your business against it to gain insight into where your greatest risks of data loss lie. For instance, the areas of greatest concern do not necessarily overlap with the areas of greatest exposure. In many cases, the single greatest exposure existing in an organization can be easily remedied by altering a single business process.
Once your business defines its data, you can communicate this policy to your employees. The policy should be practical and concise, addressing which data is confidential and how it should be used. Training will convey the importance of this policy and how employees are responsible for keeping that data as safe as possible. In most instances employees just don’t know, because they have had no training to show them how important this is to the business.
Data loss is a constant threat. There are tested and proven ways to safeguard and limit the potential data loss in your business. By defining your data, taking proactive measures and educating your employees, you will be able to significantly decrease your risk of data loss and of becoming a victim of common security threats.