Information is the most important part of any organisation. Without it there really is no business, and in difficult economic times protecting your information is a premium concern. With this in mind, the cost of losing data is immeasurable, writes SafeNet.
It goes without saying that 2008 was a catastrophic year for data loss. Over the course of the year – and at various points since then – consumers and businesses alike were left vulnerable because of lackadaisical approaches to protecting data. As the media reported, laptops were left on trains, USBs lost in mini-cabs, and CDs went missing in the post with appalling regularity.
But what must be remembered is that all businesses have a responsibility – both to their shareholders and their customers – to protect the information they hold. We should be able to trust that organisations are using stringent practices to secure data and have the necessary safeguards in place to protect it. These include identifying process weaknesses, adopting robust security standards and, most importantly, encrypting all sensitive data.
"The proliferation of mobile working means that data is transported, stored and accessed anywhere and IT departments are struggling to keep this data secured," said Gary Clark, VP EMEA at SafeNet. "You only have to think about where we personally use or access data – in the office, on our way to work, at home, in a client’s office – to realise how difficult it would be for companies to protect this data while it is at rest, at use and in motion."
But instead of telling users they can’t use a mobile device any more, or can’t connect to the corporate network externally, organisations need to ensure data is managed and secured. Mr. Clark believes that if encrypted, information would remain secure at all times, even if it fell into the wrong hands. Failing to do this leaves the heart of the organisation vulnerable and could lead to problems with regulatory compliance.
Gary Clark is urging companies to learn from the mistakes of the past. He has put together a three-step guide to help companies of all sizes protect information from the threat of exposure:
1. Securing data across the business
An Enterprise Data Protection strategy for protecting information includes encrypting data on databases, applications, networks, files, networks, endpoint devices, and removable media so that all data is secure whether at rest, in use or in transit. In order to fully protect the business and justify security spend, companies need a policy that covers them from the core to the edge of the organisation, across multiple business applications. This will ensure the privacy and control of information wherever it goes.
Buying from fewer vendors will also help. An accumulation of different solutions and strategies could leave gaps in the policy and is costly and difficult to manage. An integrated security platform can increase operational efficiency through centralised management and administration, and reduce the overall costs of data protection.
2. Cultural education
The human element is consistently the weakest link in the security chain. Some staff simply ignore security regulations in order to get a job done faster. Often, the security implications of working processes, or the security requirements of the data in question are not well understood – in fact only 45 per cent of companies educate their employees on security policies [1]. Then there’s the very real danger of malicious intent entering the picture. And finally, people make mistakes. Human error is unavoidable, but the chances of it happening can be significantly reduced if all employees are educated in security protocol.
3. Don’t rest on your laurels
IT infrastructure within a company changes continuously due to upgrades, migrations and mergers. Security policies should be regularly re-evaluated to ensure they are up-to-date, all-encompassing, and are aligned to current internal and external threats. As new technology is introduced, hackers’ techniques change so IT managers must remain vigilant to prevent attacks.
"The current economic situation has put company information at a premium," said Mr Clark. "Reports are already suggesting that the recession is causing levels of crime – particularly cases of fraud and identity theft – to rise. With criminals ready to pounce on any opportunity for personal gain, it’s more important than ever to make sure sensitive information cannot be accessed by any unauthorised users and is not publicly exposed."
[1] According to a survey conducted by SafeNet at Mobile World Congress 2009
