Data Protection, Humans and Common Sense
Data Theft Prevention for the SME / SMB is more about humans, common sense and policies. Data Loss Prevention Software is just one of the means and definitely not the end.

Published in: Technology

Transcript

  • 1. It is about common sense, not software! Data Theft Prevention for the SME. Data Protection … Keeping it simple.
  • 2. Do you have important data on the computer?
      • Customer Information
      • Technical Drawings / Source Code
      • Financials / Employee Information
      • Marketing / Contact Information
      • Quotations / Agreements / Contracts
      • Personal Information
  • 3. What will happen if the data gets stolen?
      • Loss of Business
      • Financial / Revenue Losses
      • Productivity Losses
      • Intellectual Property Losses
      • Loss of Reputation
      • Legal Liabilities
  • 4. Cause of a Data Breach
      [Chart: Root Cause of Data Breach. Categories: Malicious or Criminal Attack, System Glitch, Human Factor. Values shown: 35%, 36%, 29%. Source: Data Breach Study 2013 – Ponemon Institute]
  • 5. Higher Risk of Insider Data Theft
      • Sudden resignation of employee / partner
      • Employees joining competitors
      • Family relations in competing company
      • Staff starting their own similar business
      • Employees being laid off / fired
  • 6. Some Possible Signs of Data Theft
      • Request for purchase of USB Pen Drives
      • Working when no one else is there
      • Personal Devices being brought to office
      • Your information appearing in the public domain
      • Identical Products and all your customers being contacted suddenly
  • 7. Common Ways of Copying Data
      • Physical Theft
      • Print Outs
      • USB, CD/DVDs, Hard Disks
      • Laptops / Tablets / Smart Phones / Mobiles
      • Internet / Remote Access / Messengers
  • 8. Industry Wise Data Theft Distribution
      [Chart: Industry Wise Data Theft Distribution. Categories: Financial, Public Services, Retail, Services, Consumer, Industrial, Technology, Communications, Hospitality, Pharmaceuticals, Transportation, Energy, Healthcare, Media. Values shown: 3%, 1%, 1%, 2%, 2%, 17%, 3%, 3%, 8%, 14%, 9%, 11%, 14%, 12%. Source: Data Breach Study 2013 – Ponemon Institute]
  • 9. Costs of Data Breach
      • Number of Records Breached: 26,586
      • Cost of Data Breach: Rs. 5.4 crores
      • Average Notification Cost: Rs. 12 lacs
      • Average Cost of Lost Business: Rs 1.5 crores
      Source: Data Breach Study 2013 – Ponemon Institute
  • 10. Legal Liability Cost
      • IT Act. (2008) – 43A: Compensation for failure to protect client data can be up to 5 crores.
  • 11. Legal Liability Cost
      • IT Act. (2008) – 72A: Punishment for Disclosure of Information in Breach of Lawful Contract.
          – Imprisonment of 3 years and/or a fine up to Rs. 5 lacs.
  • 12. So now what? Do not think ‘software’ only ... Think first about what happens to data in the office.
  • 13. Do you even know what data you have?
      • Where is your data stored?
      • Which information is considered sensitive?
      • Who has access to it?
      • Do all PCs require all the data?
      • What about data on portable storage?
  • 14. Data Theft without software. (1)
      • Education of employees / contractors about IP / Company Data / Customer Data
      • Agreements and Understanding of Non Disclosure
      • Strict Action to non adherence of company policies
  • 15. Data Theft without software. (2)
      • Secure Physical Devices / PCs / Laptops
      • Secure Offices Portable Storage Devices (USB, CD/DVDs)
      • Who can sit on which computer
      • Disallow Unauthorized Devices / PCs if possible.
  • 16. You cannot steal what is not there!
      • Archive / Backup Data not being used
      • Delete Data not being used
  • 17. What about inventory?
      • How many PCs / laptops?
      • What is the h/w configuration of each PC?
      • What is loaded on each PC: OS, software and data?
      • Inventory of removable / portable storage.
      • Inventory of portable modems.
  • 18. What about the basic network?
      • Do you have a Server?
      • List of Machine Names / IP addresses
      • Does everyone have user name / passwords
      • Do you allow Remote Access?
      • Wifi / Wired?
      • Internet Connection Single Entry?
  • 19. User Account Policies: Dynamite against data theft.
      • No empty / default passwords
      • Passwords should expire
      • Strong Passwords
      • No Common Passwords
      • Privileges / Account Deletion
      • Remote Access
  • 20. Reckless Wireless Routers.
      • No SSID Broadcast
      • No Wireless Configuration
      • MacIDs
      • User Name / Password Security
      • Change Default Password
  • 21. ‘MUST’ Software
      • Anti Virus / Anti Malware / Anti Spam / Anti Phishing Software
      • Regular Updates of AV / Operating Systems
      • Regular Patches of OS and Software
      • User Access / Privilege Management
  • 22. But Anti Virus is NOT enough to stop employees stealing data!
  • 23. Stepping towards Basic DLP.
      • Internet Access Control – Websites, Protocols, Firewalls, Proxies
      • Device Control – USB, CD/DVDs, Modems, Bluetooth
      • Upload of Data – Browser Based Uploads
      • Encryption
  • 24. Humans, Common Sense and Policies! It will surely help – all the best!
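
As an added illustration of the account-policy checks on slide 19 (not part of the original deck), the following Python example audits accounts in Linux shadow(5) format for empty passwords, missing or overlong expiry, and still-enabled accounts of people who have left. The choice of Linux, the sample entries, the `LEAVERS` list and the 90-day limit are assumptions made here.

```python
from datetime import date, timedelta

# Constructed sample in shadow(5) format:
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
asha:$6$salt$hashA:19700:0:90:7:::
ravi::19660:0:90:7:::
meena:$6$salt$hashB:19000:0:99999:7:::
vikram:$6$salt$hashC:19690:0:90:7:::
backup:!$6$salt$hashD:19000:0:90:7:::
"""
LEAVERS = {"vikram", "backup"}  # constructed HR list of people who have left
MAX_AGE_DAYS = 90               # assumed policy value, not taken from the slides
EPOCH = date(1970, 1, 1)        # lastchg is counted in days since this date


def audit(shadow_text, leavers, today):
    """Return (account, finding) pairs for entries that break the policy."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 5:
            continue  # not a shadow entry
        name, pw, lastchg, _min, maxage = fields[:5]
        if pw == "":
            findings.append((name, "empty password"))
        if pw.startswith(("!", "*")):
            continue  # locked: password login is disabled, nothing more to check
        if maxage in ("", "99999") or int(maxage) > MAX_AGE_DAYS:
            findings.append((name, "password never expires or expiry too long"))
        elif lastchg and EPOCH + timedelta(days=int(lastchg) + int(maxage)) < today:
            findings.append((name, "password past expiry"))
        if name in leavers:
            findings.append((name, "account of a leaver still enabled"))
    return findings


if __name__ == "__main__":
    for account, finding in audit(SAMPLE_SHADOW, LEAVERS, date(2024, 1, 15)):
        print(f"{account}: {finding}")
```
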