Click to learn more about author Hoala Greevy.
You’ll find dozens of products out there calling themselves Data Loss Prevention (DLP). And, while such technology may be part of your solution, data loss prevention is a full-time and full-blown strategic approach to protect your data. There are at least five reasons your organization needs data loss prevention.
- You Have Everything To Lose
Data may mean different things to different people. It means one thing to financial people and another thing to operations managers, human resources functions, and so on. It includes your intellectual property, customer records, employee identities, financial performance and much, much, more.
Data holds all the secrets to your competitive advantage, product innovation and future plans. It includes everything that interests all your of stakeholders. And, data leaks or criminal theft closes companies every day – pending their recovery or death.
A poll of 1,000 business decision makers, conducted by research company Vanson Bourne, revealed:
- One in four are certain their companies will suffer from a security breach.
- The cost of the security breach will on average be almost $1 million. Larger companies can expect even a greater figure.
- Three out of four don’t believe that all of their business data is totally secure.
- Two out of five believe data is more secure on their home computers than their work computers.
When data means knowledge, your dense and deep data is more important than ever. The denser and deeper the knowledge, the more able your data loss protection must be.
- They’re Smarter Than You
Cyber thieves have nothing else to do. Their purpose is to deny, destroy and disrupt. They have no other task before them. With passion, time and financing on their side, they are armed in ways that for-profit and non-profit organizations find impossible to match.
Even businesses in the field of DLP struggle to keep up and outguess next steps. New malware debuts on the Internet all day, every day. Cyber criminals attack large companies with full out offense systems and/or sneak into those same systems one computer or mobile device at a time.
They’ve targeted governments, election systems and intelligence agencies. Businesses as big as Target, Sony Pictures, Anthem Healthcare and Penn State University are just a few of the mega organizations that have been hit. They have lost credit card numbers, patient healthcare records, private correspondence and academic records.
However, as Fox Business News says, “It’s now small mom-and-pop businesses of all stripes – retail shops, leisure activity businesses, hotels, health clinics, even colleges are getting hammered by cyber criminals. And it’s pushing many entrepreneurs to the verge of bankruptcy.”
You’ve no doubt heard of Trojan horses, worms, viruses and more. But, spear phishing seems the latest way of getting into your business. Spear phishing labels the emails in a manner to appear as though they’re from a known commodity to the employee opening it. The email is personalized enough to prompt opening the message and the contaminated attachment.
Just recently, people have been receiving emails telling recipients that their recent Amazon order has been canceled. It looks like any Amazon email, but upon checking you’ll notice it’s an “http://” not “https://” identity, and that the sender is not Amazon. Nevertheless, it’s easy to see how many Amazon customers might instinctively open the apparent Amazon message.
- People Will Make Mistakes
Most data disappear because of employee issues, rather than external criminal activity. Some employees deliberately steal data as a form of revenge for some perceived negative treatment, for personal profit or for no other reason than to sabotage the business.
Employees can be a major risk to data security. For instance, there’s the salesperson that uses a thumb drive to copy the client list. Or, there’s the HR clerk who steals employee identification. Then there’s the draftsman who copies a blueprint. All such theft means immediate or eventual loss to the organization.
Employees use company computers, mobile devices or other digital connections to shop, email and surf the web. Users are on social media, as well as business and personal email, and they often work in unsecured environments.
Even innocent communications involve sending and receiving information that can be loaded with bad stuff that further transmission spreads. One malicious attachment can invade and ravage your entire system.
- Data Is Bigger Than Ever
Any keystroke on any device in your organization creates data. It grows exponentially and bulges at the seams. Information Technology works at directing, managing and storing it. But, it’s like managing water flow.
Among the Data Management problems is differentiating the quality of the data. It is not in the nature of data to display its importance, privacy or security priority. Helping the data understand its own importance would go a long way to channeling it and creating levels and thresholds of security.
Individual one-size-fits-all DLP responses don’t differentiate either. You need strategic solutions that understand the location, direction and use of the data. Your strategy needs to create barriers aligned to the nature and quality of the data and/or its level of confidentiality. You need to know who or what creates the data, who uses it and who transmits and receives it.
- As Your Data Goes, So Goes Your Business Reputation
Responsible organizations must bite the bullet and announce their data loss event. They have an ethical responsibility to inform their public. But, having done that, they are also sending a message to their customers, vendors, prospects, investors and stakeholders.
No matter how quickly the business recovers or mitigates the problem, the damage is done. The organization has proven to be vulnerable. Its trust has been compromised and its value diminished. It is a public relations problem on one hand, and a fundamental financial loss on the other.
In the interest of protecting information in a global economy, an increasing number of countries have enacted increasingly stringent compliance regulations on data protection. So, at the very least, your data loss may subject you to fines, penalties and loss of contracts. Still, this global compliance has trouble keeping up with new technologies and the growing sophistication of those criminals working in the dark web.
Your Business Just Deserves Better
These five reasons all speak to the same point. In time, your business will lose data. And, there is no single solution now or in the foreseeable future. As a result, you need strategic and self-sustaining policies and procedures in place to manage your data against potential loss.
That strategy will include quality DLP technology. But, it will also require continuing training, education and monitoring. It takes investment in loss protection and risk management, now and in the future. And, it takes a corporate consciousness of the problem and universal understanding of the needs and preventive measures.