Preventing data loss from internal and external threats

Information is the most valuable asset the vast majority of businesses own. Be it customer records, invoices, intellectual property, financial information, key business contracts or product information, every organisation houses data that is critical to its business operations. Keeping this information safe from harm should be a priority for any company.

Unfortunately, protecting business data is a complex task and data breaches are commonplace. A Symantec survey revealed that in 2008, 79% of Australian organisations experienced a data breach. What’s more, 40% of respondent organisations admitted to experiencing between six and 20 known data breaches over the last five years.

To prevent these data breaches from occurring, businesses need to have an understanding of how information leaks happen. Organisations are already aware that cybercriminals are looking to infiltrate business networks to access corporate data. However, by far the biggest threat to sensitive data comes from within the company itself and the enemy within.

In the US, the Ponemon Institute reported that in 2008 insider negligence was responsible for 88% of all reported data breaches and that 59% of employees admitted to taking company data when leaving their employer. Locally, Symantec research revealed that the leading causes of data breaches were also internal issues including lost laptops (45%), human error (42%) and lost mobile devices (30%). Additional insider factors such as insecure business processes, leaked paper records and corporate espionage were also identified as significant causes of data loss.

Data loss can have serious financial, legal and reputational repercussions for businesses. Australian organisations believe that the worst business costs of data loss are reputational damage (44%), decreased customer loyalty (42%) and loss of customers (38%). These factors, coupled with increased regulation and media coverage of high-profile data breaches, have led to an increased focus on preventing data loss.

How can businesses prevent data loss? To prevent data from being leaked outside of the business, organisations need to consider the following issues:

• Where is confidential information saved? Confidential data cannot be protected unless businesses understand where on the system it resides. Data can be stored on the network, across endpoint devices and in storage and archiving systems. Businesses need to create a comprehensive inventory of their data, so that it is logged and can be protected. Once this data has been identified and prioritised, organisations must establish who ‘owns’ the data and which employees should be given authority to remove it from the enterprise.
• How is this data being used? Businesses need to understand how their information is being utilised and where it is exiting the corporate network. By using a content-aware data loss prevention (DLP) solution, it is possible to track when employees are attempting to email sensitive data, burn it to a disk or copy it to a USB stick.

The removal of confidential data from the corporate network is often not malicious. For example, a CFO may pull information out of a secure database to create a report which he emails outside the business. If this email is not encrypted the information could easily be leaked into the public domain despite the lack of malicious intent. DLP solutions must be able to identify the distribution of data as a result of human error as well as the situation where an insider tries to steal corporate data from the system.

• How can data breaches be identified and remediated? By tracking when business data is exiting the corporate network, businesses will be able to identify any data breaches that occur. A content-aware DLP system will continuously monitor the use of a business's information. In accordance with predefined policies, it will issue an alert when unauthorised employees attempt to remove this data from the network. The most advanced solutions will also enable businesses to automate the remediation of these data breaches, using a workflow solution. Remediation actions include locking down USB drives and applying encryption or enterprise content management (ECM) solutions.

All organisations need at least a base line level of data protection in place to protect their business-critical data. To put in place a robust and effective solution, businesses should look for DLP solutions that integrate with their existing security systems such as Symantec Data Loss Prevention V10, an open DLP platform. The open platform enables businesses to utilise existing encryption or ECM solutions as part of their complete data protection package.

As threats to sensitive information continue to grow and the consequences of a breach become ever more serious, only those organisations that act aggressively and constantly update their expertise and systems can be assured that their information is secure and their business is protected from both internal and external security threats.

*Craig Scroggie, Vice President and Managing Director - Pacific region, Symantec